Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Borg not found on the remote host. #166

Open
SimonLefort opened this issue Jul 24, 2024 · 3 comments
Open

Borg not found on the remote host. #166

SimonLefort opened this issue Jul 24, 2024 · 3 comments

Comments

@SimonLefort
Copy link
Contributor

Describe the bug

I have two servers with Yunohost.

ServerA : Apps and data
ServerB : Backups

There are a user "userA" on "ServerB" to use borg serve and receive backups. This user can't use borg so the backup failed.

Context

  • Hardware: Two VPS online
  • YunoHost version: Same for both
# yunohost --version
yunohost: 
  repo: stable
  version: 11.2.22
yunohost-admin: 
  repo: stable
  version: 11.2.7
moulinette: 
  repo: stable
  version: 11.2.1
ssowat: 
  repo: stable
  version: 11.2.1.1
  • I have access to my server: Through SSH and through the webadmin
  • Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no
  • Using, or trying to install package version/branch:
root@serverA:~$ yunohost app info borg
description: Regularly create deduplicated, encrypted backups sent to another server using Borg
name: Borg Backup to serverB
version: 1.2.8~ynh2

root@serverB:~$ yunohost app info borgserver
description: Offer backup storage to a friend
name: Borg Server for serverA
version: 1.2.8~ynh1

Steps to reproduce

For example, if I try to see if I am concerned by CVE-2023-36811 :

$ sudo env BORG_RSH="ssh -i /root/.ssh/id_borg_ed25519 -p 22 -oStrictHostKeyChecking=yes " BORG_PASSPHRASE="$(sudo yunohost app setting borg passphrase)" BORG_RELOCATED_REPO_ACCESS_IS_OK=yes BORG_REPO="$(sudo yunohost app setting borg repository)" /var/www/borg/venv/bin/borg upgrade --show-rc --check-tam $BORG_REPO
Remote: bash: line 1: borg: command not found
Connection closed by remote host. Is borg working on the server?
terminating with error status, rc 2

But it's the same if I am connected on serverB with userA and try to execute "borg" :

userA@serverB:~$ borg --help
bash: borg: command not found

userA@serverB:~$ borg="/var/www/borg/venv/bin/borg"

userA@serverB:~$ $borg --help
bash: /var/www/borg/venv/bin/borg: Permission denied

Expected behavior

userA on serverB must access to borg.

Logs

Logs said :

Remote: bash: line 1: borg: command not found

I also write about this problem on the forum : https://forum.yunohost.org/t/borg-borg-pas-dans-le-path/30520

Thanks in advance.
@SimonLefort
Copy link
Contributor Author

SimonLefort commented Jul 24, 2024
edited
Loading

I try to add userA in the borg group :

root@serverB:~# groups userA
userA : userA ssh.app

root@serverB:~# id userA
uid=1001(userA) gid=1001(userA) groups=1001(userA),1002(ssh.app)

root@serverB:~# usermod -a -G borg userA

root@serverB:~# id userA
uid=1001(userA) gid=1001(userA) groups=1001(userA),993(borg),1002(ssh.app)

root@serverB:~# su userA

userA@serverB:~$ borg="/var/www/borg/venv/bin/borg"

userA@serverB:~$ $borg --help
usage: borg [-V] [-h] [--critical] [--error] [--warning]
            [--info] [--debug] [--debug-topic TOPIC] [-p]
            (...)

It helps, userA can now launch borg. I can check the last backup :

userA@serverB:~$ borg="/var/www/borg/venv/bin/borg"
userA@serverB:~$ $borg list /home/userA/backup/
(...)
_auto_conf-2024-05-31_00:00          Fri, 2024-05-31 00:00:38 [5f9....50d0]
(...)

But it doesn't allow me to do a backup.

I try to change the command in authorized_keys :

$ cat /home/userA/.ssh/authorized_keys
command="/var/www/borg/venv/bin/borg serve --storage-quota 1000G --restrict-to-repository /home/userA/backup",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc ssh-ed25519 AA(...)8i root@serverA.be

On serverA, I start borg service :

$ sudo systemctl start borg &

It doesn't fail directly :

$ sudo systemctl status borg
● borg.service - Run backup borg
     Loaded: loaded (/etc/systemd/system/borg.service; static)
     Active: activating (start) since Wed 2024-07-24 08:04:55 UTC; 14min ago
     (...)

On serverB, I can't do a borg list because there is a lock :

$ $borg list /home/userA/backup/
Failed to create/acquire the lock /home/userA/backup/lock.exclusive (timeout).

Seems good 👍 ? I am waiting to be sure...

@SimonLefort
Copy link
Contributor Author

It works. Backup seems good since the last message. But I am afraid it will break again at the next backup...

@Gredin67
Copy link
Contributor

Gredin67 commented Aug 25, 2024
edited
Loading

After upgrade of borgserver app, I think I had a similar issue https://paste.yunohost.org/raw/tiguxemobu
A solution might be to check on serverB :
/home/serverAuser/.ssh/authorized_keys
Here you may have several lines. Only keep the last one starting with
command="/var/www/borgserver__14/venv/bin/borg
Comment out all lines starting with command="borg

ping @zamentur @Salamandar

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@SimonLefort @Gredin67