[Python-apps-team] Bug#788871: rdiff-backup: Please improve error message when target user for SSH login has shell set to /usr/sbin/nologin

David North david-dpkgs at dnorth.net
Mon Jun 15 19:29:14 UTC 2015


Package: rdiff-backup
Version: 1.2.8-7
Severity: important
Tags: upstream

Upon upgrading both my backup server and my server being backed up to Debian 8.0 Jessie, backups
started failing with:

Exception '' raised of class '<type 'exceptions.MemoryError'>':
  File "/usr/lib/python2.7/dist-packages/rdiff_backup/Main.py", line 304, in error_check_Main
    try: Main(arglist)
  File "/usr/lib/python2.7/dist-packages/rdiff_backup/Main.py", line 321, in Main
    rps = map(SetConnections.cmdpair2rp, cmdpairs)
  File "/usr/lib/python2.7/dist-packages/rdiff_backup/SetConnections.py", line 76, in cmdpair2rp
    if cmd: conn = init_connection(cmd)
  File "/usr/lib/python2.7/dist-packages/rdiff_backup/SetConnections.py", line 152, in init_connection
    check_connection_version(conn, remote_cmd)
  File "/usr/lib/python2.7/dist-packages/rdiff_backup/SetConnections.py", line 160, in check_connection_version
    try: remote_version = conn.Globals.get('version')
  File "/usr/lib/python2.7/dist-packages/rdiff_backup/connection.py", line 450, in __call__
    return apply(self.connection.reval, (self.name,) + args)
  File "/usr/lib/python2.7/dist-packages/rdiff_backup/connection.py", line 368, in reval
    result = self.get_response(req_num)
  File "/usr/lib/python2.7/dist-packages/rdiff_backup/connection.py", line 315, in get_response
    try: req_num, object = self._get()
  File "/usr/lib/python2.7/dist-packages/rdiff_backup/connection.py", line 240, in _get
    data = self._read(length)
  File "/usr/lib/python2.7/dist-packages/rdiff_backup/connection.py", line 210, in _read
    try: return self.inpipe.read(length)

This was in response to executing (on the backup server):

rdiff-backup --remote-schema "ssh -C -p 22 -i /var/backups/.ssh/id_rsa_backups %s /usr/bin/rdiff-backup --restrict-read-only /" user at target-server /var/backups/target-server/

I eventually tracked this down to the following cause:

* The Debian upgrade changed the shell of the backup user to /usr/sbin/nologin
* rdiff-backup --server --restrict-read-only / is set as the forced command for the SSH key used to log in to target-server, and forced commands are run via the user's shell

Changing backup at target-server's shell back to /bin/sh fixed the problem, but the error message was very little help,
other than for Googling.

References:

https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-March/033739.html
http://lists.nongnu.org/archive/html/rdiff-backup-users/2011-05/msg00030.html

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages rdiff-backup depends on:
ii  libc6      2.19-18
ii  librsync1  0.9.7-10
ii  python     2.7.9-1
ii  python2.6  2.6.8-1.1
ii  python2.7  2.7.9-2

Versions of packages rdiff-backup recommends:
ii  python-pylibacl  0.5.2-1
ii  python-pyxattr   0.5.3-1

rdiff-backup suggests no packages.

-- no debconf information



More information about the Python-apps-team mailing list