[rdiff-backup-users] My rdiff-backup web interface

[Justin Chevrier]

Hello all,

I found out about rdiff-backup a few months ago when I was looking for a 
method of doing
autonomous backups that could take place efficiently over a network 
link. rdiff-backup fit
the bill perfectly. My primary use for rdiff-backup is to do backups 
remotely for shares
on our windows active directory network. I am using a custom built dual 
Athlon rig running
Linux on 6 250GB IDE drives in a RAID 5 array all tied together with a 
3ware RAID card.
After getting it up and running I personally saw to restoring any files 
that were lost
or corrupt as they appeared. After a while this became somewhat 
burdensome to have to do
and was a problem if I happened not to be around. So I set to work on 
creating an
interface for restoring files in a way that any member of our department 
could do with
ease. Below I will outline what I did to create my interface, what tools 
I used and
libraries that I rely on and any pitfalls along the way.

I decided right away to do a web interface for speed of development as 
well as being
able to restore files from any web enabled workstation. I also settled 
on PHP for the
script to use in creating the interface; I hadn't programmed much in it 
up until this point
and I felt like a bit of a challenge :). I'm sure the php gurus out 
there will see
some bad things I've done! Okay, to the specifics:

Details of Operation:

When first loading the script it will ask for a username and password. 
This is authenticated
via PAM modules and in my case the PAM module for PHP uses winbind to 
allow users to have the
same password here as they do on our windows domain. After successfully 
logging in it will
present you with a list of directories and the increments available in 
them. You first
choose an increment, it will then list all of changed/deleted/new files 
in the increment or
you can search that particular increment for specific files. Do not use 
wild cards here
(ala *.doc) instead just search as the text appears in the filename. For 
example, if you
wanted to find all the '.doc' files search for '.doc'. After either 
searching or listing
the increment it will then list all of the matching files. You can place 
a checkbox
beside how ever many files/directories you want to restore. If you chose 
to list the
increment: Red means deleted from this increment to the latest 
increment, green means
something new added between this increment and the latest and yellow 
means that the file
has changed. After choosing the files you would like to restore you can 
choose a Windows
share (note: must point to share directly, not to directories under the 
share) to restore
the files to. Put in the username and password of someone that has 
access to the share
you're restoring to. Click 'restore' and the files will appear at that 
location!

Some Notes:

1) As stated, the path to the restore location must be a share, and not 
a directory under a
share, or a local path (eg. use: //server/share, not: 
//server/share/directory)

2) The script does not restore the full path when you choose a single 
file, it will just
create that file in the path it is pointed to. As a result if you have 
two files with the
same name in different directories and restore them both in one step 
they will smash each
other, in other words the next file in the list of files to be restored 
will overwrite the
previously restored one. You can restore a full path by choosing a 
directory in the list.

3) The script calls mount, rdiff-backup, etc directly by their command 
line and doing a 'sudo'
to access the required functionality. This is probably bad in general 
but less of a
concern here as it is a secure network and the script will be accessed 
internally only.

4) The list directories to be searched for increments by the script are 
collected from
'/etc/rdiff-man.conf' This is just a simple file with each directory to 
be checked listed
on a line of its own.
eg.

**BOF
/mnt/backup/finance
/mnt/backup/users
/mnt/backup/groups
**EOF

5) To set the domain for your windows network chanage the 'DOMAIN in 
'$restore_domain = "DOMAIN";'
to whatever is correct on your domain

6) There is not as much error checking as there should be



Libraries and versions used:

pam_auth for php - http://www.math.ohio-state.edu/~ccunning/pam_auth/

Version: 4.3

I placed the source for this right in the PHP extention source directory 
before compiling PHP
(eg. ./php-4.3.7/ext/pam_auth)

* The above is for the initial login authentication. If no login 
authentication is required
that portion of the php script can be ripped out. I liked this approach 
because I am
running Samba with winbind on this server as well and I simply tied 
pam's php module
into winbind to authenticate against the AD.

I have attached the PAM file i used for PHP at the end of this email. 
This file, called 'php'
is placed in '/etc/pam.d/'


PHP - http://www.php.net

Version: 4.3.7
Config: ./configure -prefix=/usr/local/php 
-with-apxs2=/usr/local/apache2/bin/apxs --with-pam_auth

* I custom compiled PHP from source to include the pam_auth module. This 
was the only
way that I could get the pam_auth module to work


Apache - http://www.apache.org

Version: 2.0.49
Config: ./configure –prefix=/usr/local/apache2 –enable-mods-shared=most


RedHat Linux

Version: 9.0 with custom compiled kernel 2.6.7, CIFS file system support 
compiled in



Assumptions:

I used the CIFS file system to connect to Windows shares for restoring 
files. If you would like to
use SMBFS, NFS, etc the appropriate changes can be made to the mount 
commands.

I have created a 'php' user for the script to run under. This user is in 
the wheel group to access
the sudo command (see '/etc/group').

I have granted users in the 'wheel' group access to sudo without 
requiring a password:
'%wheel ALL=(ALL) NOPASSWD: ALL'


I believe that is all (or all that I can think of right now). Hopefully 
someone out there has some
use for this script/interface, I know it's made things a lot easier for 
me! :)

Justin Chevrier


#%PAM-1.0
auth       sufficient   pam_winbind.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    sufficient   pam_winbind.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so




%s\n",$file_list[$j]);
      } else if (substr($file_list[$j],0,7) == "deleted") {
         $file_list[$j]=strstr($file_list[$j],' ');
	 $file_list[$j]=trim($file_list[$j]);
         printf("%s\n",$file_list[$j]);
      } else if (substr($file_list[$j],0,7) == "changed") {
         $file_list[$j]=strstr($file_list[$j],' ');
	 $file_list[$j]=trim($file_list[$j]);
         printf("%s\n",$file_list[$j]);
      } else {
         printf("%s\n",$file_list[$j]);
      }
   }
}

if (isset($_POST['search']) && $_POST['search'] == 'Search') {
?>

" method="post">
Restore Path:  
UserName:      
Password:      


%s
",$session);
   $list_cmd = `sudo rdiff-backup --list-at-time $session $path |grep "$search_text"`;
   $list = split("[\n\r]",$list_cmd);
   $list_length = count($list);
   for ($n=0; $n<=$list_length; $n++)
{
if($list[$n]!='')
      $list[$n]="changed $list[$n]";
}
   show_files($path, $list);
?>
">
">

";
      echo "SourceDestination";
      $text=$_POST['file'];
      foreach ($text as $file_list ) {
         $pos = strrpos($file_list,"/");
         $len = strlen($file_list);
         $filename = substr($file_list, $pos+1, $len-pos-1);
         $back_path=$_POST['path'];
         $back_date=$_POST['date'];
         $cmd = `sudo rdiff-backup -r $back_date "$back_path/$file_list" "$restore_mount_point/$filename"`;
         echo "$file_list";
         echo "$restore_path/$filename";
      }
      echo "";
      $cmd = `sudo umount /mnt/restore`;
      echo "

---

Successfully Restored!";
   } else {
      printf("%s",$mount_cmd);
   }?>
" method="post">

" method="post">
Restore Path:  
UserName:      
Password:      



">
">

" method="post">



Go Back';
}

} else if (isset($_POST['logged']) && ($_POST['logged'] == 'Logged In') || ($_POST['logged'] == 'Return')){
   $restore_path = file('/etc/rdiff-man.conf');
   $num_directories = count($restore_path);
   echo "";
   for ($k=0; $k<$num_directories; $k++) {
      $restore_path[$k] = trim($restore_path[$k]);
      printf("",$restore_path[$k]);
      $cmd = `sudo rdiff-backup -l $restore_path[$k]`;
      $list[$k] = split("\n",$cmd);
      $length[$k] = count($list[$k]);
      ?>
";

} else {
?>
" method="post">
UserName:      
Password:

---

reply via email to

---

%s

" method="post"> ">

Search: