[Box Backup] Box Backup on Rails - Part 2

Fry, Joseph boxbackup@fluffy.co.uk
Tue, 20 Mar 2007 13:16:09 -0400


> > As a suggestion, it should be configurable to recover to a) original
> > location b) new location c) download locally.  Also it would be great
> > if it could have some user rights controls.  For example, I would love
> > it if users could only restore files that they had write permissions
> > on (that may not be possible). Finally I would like to see it send an
> > admin an email whenever files are restored... At least that way we can
> > determine if someone is restoring files they shouldn't be.
>
> I would say only "c" is feasible, since all requests are
> executed by the web server which should not run as root and
> therefore could not restore files into any other location
> than "/tmp"...

As far as a) and b) were concerned, if the web gui were to make calls
against BB itself, it could be done.  For example, BB is modified to
listen on a certain port for commands, the rails app issues commands
directly to it.  Of course this would be a major security issue as well,
perhaps not a good idea.

> When you say that you will backup the web server, then the
> client part of Box Backup will need to be installed there and
> so the keys and certificates will be there, but hopefully
> only readable by root.

Actually, I am doing things the other way around.  I am backing up
important files from our local file server, to our webserver.  Our
webserver is hosted at a reliable webhost with excellent backup services
and unlimited uploads.  So it's an ideal location to store our backup
assuming that it is properly encrypted, this is why I am interested in
BB to begin with.

> So, if you run "Box Backup on Rails" on the box backup server
> with only internal access it may not be a big problem with
> storing key and certificates in the database. Also, then you
> have the possibility of accessing more than one box backup
> account within the same web interface.

The BB server will be our remote webserver at the hosting company, and
thus it is a big deal.  This is why I liked the idea of having a web
based management app on the client... To allow me to remotely manage the
client.

> Letting people only restore files they own is not possible, I
> think. I do not think the username is stored in the archive
> and the "if writable" part does not seem possible.

I knew that those goals would be difficult if even possible to implement.
I was looking at it along the lines of a way to use the filesystem
permissions to determine if the user can restore a file... So for
example, if a sales guy deleted something in their shared folder he
could restore it, but he could not restore employee records that were in
the management shared folder.  Of course that would require a lot more
integration with the BB client host os... Not an easy thing to develop
cross platform.

I had something similar using rsync and samba.  I had one server use
rsnapshot to create hourly backups on to another local machine.  Users
had access to both machines via samba, because the files maintained
permissions users could only access their own data on the backup server.
It was an awesome solution for our students, as I often wasn't
available when the student needed a file they had deleted/overwritten so
with it they could simply connect to the backup server (via a mounted
samba share) and locate the file they needed and copy it back to their
home directory.

I would love to do something similar with BB, allow the users an easy
way to restore files, however I fear that without proper permissions in
place, users would be able to restore files that they should not be
accessing.

Joe



