• Sean Kimball
    0
    Just trying to test/preview the software & things are not going well.

    1. Finding where & how to configure the web client was difficult enough, it seems to work well, but the issue I am having is that it seems any system user can log in and configure/modify backups!?
    I am running on an Amazon lightsail container so there are no 'root' credentials (sort of) so I created a user with no special privileges & was able to log into the web console using that users credentials....
    Q. Is there a way to create/specify a specific privileged user that can ONLY manage backups?

    2. I created a backup job of a couple of websites and a few system directories. That backup failed (consistently) It listed only 147 files, where there should be several thousand. I go t a bunch of errors in the logs:
    2019-11-05 03:50:14,310475 [WARN ]: [ CBB ] [ 4 ] Backup path not readable: /var/www/vhosts/fs/partner
    2019-11-05 03:50:14,311457 [WARN ]: [ CBB ] [ 4 ] Backup path not readable: /var/www/vhosts/fs/shared
    2019-11-05 03:50:14,313199 [WARN ]: [ CBB ] [ 4 ] Backup path not readable: /var/www/vhosts/fs/private
    2019-11-05 03:50:14,313888 [WARN ]: [ CBB ] [ 4 ] Backup path not readable: /var/www/vhosts/fs/unlisted
    2019-11-05 03:50:14,314735 [WARN ]: [ CBB ] [ 4 ] Backup path not readable: /var/www/vhosts/fs/public
    

    - notifications were not sent
    - seems to be no way to report or view "history" from the web console (had to view logs from the server)

    Can this be related to an unprivileged user logging into the console & creating the backup?

    3. Is there a way to wildcard directory structures in the backup job? i.e. I have a couple hundred websites that I don't want to backup logs for ... is there a config that can be edited to say do not backup /var/www/vhosts/*/logs/* sort of thing?
  • Klim
    4
    Hello ,

    Thank you for your interest in our product. Let me cover your questions:

    1. Yes, a system user can log in to the web console and manage backups. Unfortunately, there is no way to create a user who can only manage backups.

    2. I guess you have not enough rights to backup those files:

    2019-11-05 03:50:14,310475 [WARN ]: [ CBB ] [ 4 ] Backup path not readable: /var/www/vhosts/fs/partner
    2019-11-05 03:50:14,311457 [WARN ]: [ CBB ] [ 4 ] Backup path not readable: /var/www/vhosts/fs/shared
    2019-11-05 03:50:14,313199 [WARN ]: [ CBB ] [ 4 ] Backup path not readable: /var/www/vhosts/fs/private
    2019-11-05 03:50:14,313888 [WARN ]: [ CBB ] [ 4 ] Backup path not readable: /var/www/vhosts/fs/unlisted
    2019-11-05 03:50:14,314735 [WARN ]: [ CBB ] [ 4 ] Backup path not readable: /var/www/vhosts/fs/public
    Sean Kimball

    Please execute the following command and let me know the result:

    sudo chown root:wheel /opt/local/CloudBerry\ Backup/plans/*
    

    Regarding the notification issue, as I can see you did not verify your email address, so I send you another confirmation email.

    seems to be no way to report or view "history" from the web console (had to view logs from the server)Sean Kimball

    Could you please provide me with a screenshot from the web console?

    3. We have an option to skip specific folders and types of files. You can manually uncheck all folders for which you do not want to back up.

    I've added your requirements to our feature tracking system and I'll keep you posted on this matter.

    I would appreciate if you can elaborate your use-case a bit more detailed for me.
  • Sean Kimball
    0
    WOW. Just simply WOW......

    Decided to do a little testing with users, it appears that when a system user logs in and creates a backup plan, that plan is written to the etc/plans directory with their permissions. ~ OK, the cbb process appears to be running as root, which makes no sense that it should not have permission to open various directories ???

    But that's not the horrifying part. I was able to create an FTP user VIA the hosting control panel (Plesk) - guess who was able to log in as a lowly unprivileged FTP user and potentially make a backup of all my data to any location they desire?

    -rw-r--r-- 1 root        root   4512 Nov  4 21:52 {3f13ce43-fd5d-4403-aeb1-52d3b96f0dbc}.cbb
    -rw-r--r-- 1 root        root   4260 Nov  6 18:19 {48fc42a5-08da-4e6b-943c-b9f4596779fc}.cbb
    -rw-r--r-- 1 randy_5643 psacln 4302 Nov  6 18:30 {6d8321b7-d463-4736-8b73-846784afff94}.cbb
    -rw-r--r-- 1 root        root   4330 Nov  6 18:26 {eb078eb8-7e04-47ac-9c64-f90d681cefab}.cbb
    

    In theory, one of my hosting clients can now create an FTP account, log into the CloudBerry web access console and start backing up data to wherever they want.

    IMO access to the web app is basically not controlled. kill -9 etc.

    2. see above

    3. I have several hundred websites in the /var/www/vhosts/ directory files I would like to exclude are logs and caches...

    /var/www/vhosts/DOMAIN_1/logs/LOGFILES
    /var/www/vhosts/DOMAIN_2/logs/LOGFILES

    etc

    I would like to be able to set wildcards to exclude files and directories:

    exclude:
    /var/www/vhosts/*/logs/*.*

    <excludeFilesWildcard>
    <value>/var/qmail/mailnames/*/*/Maildir/new/*</value>
    <value>/var/qmail/mailnames/*/*/Maildir/cur/*</value>
    <value>/var/qmail/mailnames/*/*/Maildir/tmp/*</value>
    <value>/var/lib/php/session/*</value>
    <value>/var/qmail/queue/*/*/*</value>
    <value>/var/www/vhosts/*/statistics/*/*</value>
    <value>/var/www/vhosts/*/web_users/*</value>
    <value>/var/www/vhosts/*/tmp/*</value>
    <value>/var/www/vhosts/system/*/statistics/*/*</value>
    <value>/var/www/vhosts/system/*/logs/*</value>
    <value>/var/www/vhosts/*/logs/*</value>
    </excludeFilesWildcard>
    
bold
italic
underline
strike
code
quote
ulist
image
url
mention
reveal
youtube
tweet
Add a Comment

Welcome to MSP360 (CloudBerry) Forum!

Thank you for visiting! Please take a moment to register so that you can participate in the discussions!