openSUSE 11.4 Apache2 ignoring uid.conf options

I am trying to install BackupPC on openSUSE 11.4 64 bit.

BackupPC is complaining that I am not running the Apache server as user backuppc but as user with id 0 (root).

I have the following in the /etc/apache2/uid.conf (which is getting read as I can put a syntax error in the file and it complains):

User backuppc
Group www

When I run either the httpd2-itk (default in rcapache2) or the plain httpd2 processes and then do a:

ps aux

The user reported as running the http processes is root NOT backuppc.

On an openSUSE 11.3 machine where I have BackupPC running successfully the ps command returns backuppc as the user running the processes.

Is this something others are seeing or do I have some configuration incorrect?

Cheers
Jim

Did you create an account called backuppc?

Thanks for the reply.

Yes, the user has been created as per the BackupPC instructions.

I have just done some further experimentation by changing the user BackupPC is expecting to use to root and the error disappears (but this is very insecure according to the BackupPC documentation). So it is looking like the Apache process is not switching user as it should.

Will try some further experimentation.

Cheers
Jim

I have no problems when I change the User to myself and restart apache. ps aux shows that I am the owner of the processes. I’d concentrate on why apache is not switching users.

Cheers for that… I will do that and report results. Just fighting with the new 11.4 update process to make sure I have all the latest updates etc. 🙂

Again thanks
Jim

My Solution:

Found that the ITK version of Apache (httpd2-itk) server is experimental and one of its features is to allow virtual hosts to run under separate UIDs and GIDs. As I was having issues in this area, I uninstalled the ITK Apache server, via YaST, and reinstalled the standard Apache2 (httpd2-prefork), made sure that the uid.conf file was how I wanted it and ran the server up. Now the ps aux command shows the apache processes running as the user defined in the uid.conf. And BackupPC now works. 🙂

Note to Novell on this. Out of the box the configuration for the ITK version of Apache is running insecurely… it is ignoring the default wwwrun user and using root, is this a possible security issue?

Cheers
Jim

Perhaps the ITK version needs to run as root to be able to do what it does? A uid switch is a privileged syscall.

Ken

I am thinking that maybe it needs the root level to start, this is what I understand these sorts of processes need to do, to open ports below 1024 etc., and then it should switch to lower level privileges. However, even if I am NOT using vhosts the “default-server” to me should still drop level once initialised. ?? As this is experimental maybe some default config/option elsewhere in the configuration is not right? Wondering if I should open a bug on this as there did not seem to be any open in this area that I could see.

Thanks again for your help.
Jim

I think this is how it works. Once switched to a non-root UID, it cannot switch to another UID. Therefore the master ITK server has to run as root to be able to run various children under different UIDs. Better read the ITK doco so you don’t get embarrassed after filing a “bug” report.
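
The check the thread performs by eye with ps aux can be scripted. The following is an added example, not part of any post above: it reads the User directive from a uid.conf-style file and lists Apache worker processes owned by anyone else. The function names and the sample process listings are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): compare Apache worker owners with uid.conf.

# Print the value of the last "User" directive in an Apache config file.
configured_user() {
    awk 'tolower($1) == "user" { u = $2 } END { if (u != "") print u }' "$1"
}

# stdin: "user pid ppid comm" lines, as printed by: ps -eo user=,pid=,ppid=,comm=
# $1:    the user the workers are expected to run as
# Prints "pid owner" for every httpd2* process whose parent is also httpd2*
# and whose owner differs from $1. The top-level parent is skipped because it
# normally runs as root so that it can bind a port below 1024.
mismatched_workers() {
    awk -v want="$1" '
        $4 ~ /^httpd2/ { owner[$2] = $1; parent[$2] = $3 }
        END {
            for (pid in owner)
                if ((parent[pid] in owner) && owner[pid] != want)
                    print pid, owner[pid]
        }' | sort -n
}

# Constructed sample: every httpd2-itk process is owned by root.
sample_itk() {
    cat <<'EOF'
root     2101    1 httpd2-itk
root     2110 2101 httpd2-itk
root     2111 2101 httpd2-itk
EOF
}

# Constructed sample: httpd2-prefork workers run as the configured user.
sample_prefork() {
    cat <<'EOF'
root     3101    1 httpd2-prefork
backuppc 3110 3101 httpd2-prefork
backuppc 3111 3101 httpd2-prefork
EOF
}

echo "itk sample, workers not running as backuppc:"
sample_itk | mismatched_workers backuppc
echo "prefork sample, workers not running as backuppc:"
sample_prefork | mismatched_workers backuppc
```

On a live system the same functions can be fed real data with `ps -eo user=,pid=,ppid=,comm= | mismatched_workers "$(configured_user /etc/apache2/uid.conf)"`.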