How to run backintime as a user

Question

To allow users to run backintime. I am usually running backintime-kde on ubuntu in the following way:

sudo su
ssh-agent bash
backintime-kde4 --config /root/.config/backintime/config --profile-id 1

This is the only way I found which was working on my system. In particular

sudo backintime-kde4

and

kdesudo backintime-kde4 

will not work.

I would like to allow ordinary users who do not have permissions to run sudo su to execute backintime as well. Can I somehow create a shell-script from the commands which can be executed by any user such that he has to enter at most his own password (and maybe that of the ssh-key).

Please do not suggest alternate ways of running backintime. I merely search a method equivalent to the one described above (such that backintime operates in the same tested way). However the user should be able to run it without being able to obtain general root privileges.

Answer 1

There seems to be more than one issue:

1. Bug #1276348

ssh-agent is missing in backintime-kde in versions <= 1.0.34. Please install this patch with sudo patch /usr/bin/backintime-kde4 < backintime-kde4.diff

2. sudo vs. kdesudo

sudo doesn't change $HOME but kdesudo does.

$ sudo env | grep ^HOME
HOME=/home/germar
$ kdesudo env | grep ^HOME
HOME=/root

BackInTime need to be started with kdesudo (or gksudo on Gnome). That's also why BIT didn't found your config automatically.

3. Permissions are messed up

You might have messed the permissions.

/home/<USER>/.config/backintime/ and /home/<USER>/.local/share/backintime/ should be owned and writeable only by <USER>

/root/.config/backintime/ and /root/.local/share/backintime/ should be owned and writeable only by root

4. Make various users able to run BackInTime as root

First of all: this is very dangerous and I will NOT recommend doing this!

Your users will have write access to the whole system. They can change every configuration, spy on other users home folders and break the whole system. This will undermine every security concept of Linux.

You should rather configure BackInTime for every single user so they will just backup their own home. This way they don't need root permissions at all and you and I can sleep well again ;-)

If you still want to do so you could create a new group sudo addgroup backintime and add your users as members sudo adduser <USER> backintime. Then add this line to /etc/sudoers

%backintime ALL=NOPASSWD: /usr/bin/backintime-kde4

Log out and log in with <USER> to activate the group membership and you should be able to run kdesudo -c /usr/bin/backintime-kde4 without being asked for a password. But again: DON'T DO THIS

_{Disclaimer: I'm member of BackInTime Dev-Team}