Page 2 of 2

Re: Core Dump Error Message

Posted: Sun Feb 08, 2015 8:26 pm
by faris
Sorry, cron for what in Plesk, and forces you to login for what/why?

Re: Core Dump Error Message

Posted: Sun Feb 08, 2015 8:42 pm
by KrazyBob
Hey Faris,

Long time...

I am trying to run a CRON for VZABackup and even though I have keys on both machines that allow me to login without a password VZA forces me to enter the root username and password.

Re: Core Dump Error Message

Posted: Mon Feb 09, 2015 8:29 am
by faris
Wouldn't the cron would have to go in the hardware node rather than in Plesk because it would have to run as root on the HN itself?

If you create a shell script for the cron job to run, you can put the root password in the command line for the backup in it that file, if I recall correctly.

Yes, you then end up with a plaintext root password in a file. But if you change it so that only root can read/execute it, there would be a small level of extra security. Not ideal, and not something I'd want to do or ever recommend, but it would work.

I bet there's a better way, but unfortunately I don't know what that might be.

Wasn't there something about using passwordless keys on the VZ documentation? I know that when I run vzbackup (not vzAbackup) without any root password anywhere, I get asked for the password for my key, not the root password. If the key was password-less, I'd expect it to work without any further input. "Expect", not "know", you will note.

However, you again end up in a situation where one system then has passwordless access to another one, which is potentially as bad as leaving the root password in the file.

I'm pretty sure you can restrict what commands a particular key has access to. I remember discussing it here somewhere a long time ago. But I don't know what the vzbackup command needs to access on the remote node, so that's no use to us right now.

Another thought -- what happens if you initiate the backup and store the backup on the same node as the running Container? Does that still require a password of any kind? If not, then you could do the backup locally and then transfer it somewhere else using a different mechanism.

Sorry if none of this is any help. I'm just thinking out loud in the hope that something might be useful.