[Python-apps-team] Bug#788871: rdiff-backup: Please improve error message when target user for SSH login has shell set to /usr/sbin/nologin
David North
david-dpkgs at dnorth.net
Mon Jun 15 19:29:14 UTC 2015
Package: rdiff-backup
Version: 1.2.8-7
Severity: important
Tags: upstream
Upon upgrading both my backup server and my server being backed up to Debian 8.0 Jessie, backups
started failing with:
Exception '' raised of class '<type 'exceptions.MemoryError'>':
File "/usr/lib/python2.7/dist-packages/rdiff_backup/Main.py", line 304, in error_check_Main
try: Main(arglist)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/Main.py", line 321, in Main
rps = map(SetConnections.cmdpair2rp, cmdpairs)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/SetConnections.py", line 76, in cmdpair2rp
if cmd: conn = init_connection(cmd)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/SetConnections.py", line 152, in init_connection
check_connection_version(conn, remote_cmd)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/SetConnections.py", line 160, in check_connection_version
try: remote_version = conn.Globals.get('version')
File "/usr/lib/python2.7/dist-packages/rdiff_backup/connection.py", line 450, in __call__
return apply(self.connection.reval, (self.name,) + args)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/connection.py", line 368, in reval
result = self.get_response(req_num)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/connection.py", line 315, in get_response
try: req_num, object = self._get()
File "/usr/lib/python2.7/dist-packages/rdiff_backup/connection.py", line 240, in _get
data = self._read(length)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/connection.py", line 210, in _read
try: return self.inpipe.read(length)
This was in response to executing (on the backup server):
rdiff-backup --remote-schema "ssh -C -p 22 -i /var/backups/.ssh/id_rsa_backups %s /usr/bin/rdiff-backup --restrict-read-only /" user at target-server /var/backups/target-server/
I eventually tracked this down to the following cause:
* The Debian upgrade changed the shell of the backup user to /usr/sbin/nologin
* rdiff-backup --server --restrict-read-only / is set as the forced command for the SSH key used to log in to target-server, and forced commands are run via the user's shell
Changing backup at target-server's shell back to /bin/sh fixed the problem, but the error message was very little help,
other than for Googling.
References:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-March/033739.html
http://lists.nongnu.org/archive/html/rdiff-backup-users/2011-05/msg00030.html
-- System Information:
Debian Release: 8.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages rdiff-backup depends on:
ii libc6 2.19-18
ii librsync1 0.9.7-10
ii python 2.7.9-1
ii python2.6 2.6.8-1.1
ii python2.7 2.7.9-2
Versions of packages rdiff-backup recommends:
ii python-pylibacl 0.5.2-1
ii python-pyxattr 0.5.3-1
rdiff-backup suggests no packages.
-- no debconf information
More information about the Python-apps-team
mailing list