Hey all
I have a cron job (that runs under root user) that calls a script that creates a tarball of directories /root /opt /etc and /home
My question is this; what would be the most efficient way to have this create the tarball and encrypt it,
preferably with gpg that uses the key created for a user other than root (chris in this case).
I can do this if I run it as myself (of course, since I have the cipher) but Is it possible based on the scenario provided?
I have read that openssl can be used but that is not my objective.
Currently (as a work-a-round), I am using 7z with a password being passed from the script (I know, not a good way of doing this but it works for now).
Any ideas/help/alternatives would be greatly appreciated.
TIA and cheers
Chris
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
[SOLVED]: Encrypting tarballs via cron
- dilberts_left_nut
- Administrator
- Posts: 5347
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
Re: Encryting tarballs via cron
So why can't you just use chris's key?
AdrianTM wrote:There's no hacker in my grandma...
- cds60601
- df -h | participant
- Posts: 739
- Joined: 2017-11-25 05:58
- Location: Florida
- Has thanked: 136 times
- Been thanked: 65 times
SOLVED: Encrypting tarballs via cron
Well - I certainly don't claim to be an expert at using gpg but I did find an alternative way of getting around this. But to your question; The cron job is created under user root so therefore I assume it is being ran as root. the root user does not have a pub/priv key created (I suppose I could go through the work flow of doing that, importing the pub keys of both root and chris, etc) then I assume it wouldn't matter (again, I stress that I am by now means fluent in gpg) at that point.dilberts_left_nut wrote:So why can't you just use chris's key?
But I did some playing around and I came up with this syntax;
tar $xclude -czvpf - $backup_files | gpg --symmetric --cipher-algo aes256 --batch --passphrase=$ziggy -o $dest/$destdir/$archive_file
and this produces a file named: philby_2018-02-01_010001.tgz.gpg
The parms $ziggy is defined within the script being called with a nonsensical password that the user (chris) can use to access the gpg file.
It's a horrid kludge I'm sure - but it does accomplish what I need it to do.
Supercalifragilisticexpialidocious
- dilberts_left_nut
- Administrator
- Posts: 5347
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
Re: Encryting tarballs via cron
I thought the point of gpg was that *anybody* could encrypt stuff with chris's pubkey and then only chris could decrypt it with his private key.
AdrianTM wrote:There's no hacker in my grandma...