Having been running BackupPC for the last several months, we wanted to hand off some of the periodic auditing that we do to a non-admin user. BackupPC allows for host-specific users that have full access to a specific host or hosts but there's currently no facility to allow for a user who can see data on each host in a read-only fashion. Read on for how we implemented this interface.

Ideally, this would take the form of a special "audit" user who could use the existing admin interface to view host information and possibly do a test restore of data to a temporary location but not be able to make configuration changes or start/stop backup jobs.

To get this setup, and lacking this built-in functionality, I chose to go with a de-featured copy of the admin interface. This allows for the continued, unmodified, use of the BackupPC code base for the admin interface and adds a separate audit interface that can be used to view, in a read-only fashion, the server status, host logs and backup set contents.

The changes shown here were done on an Ubuntu Hardy Heron system. These changes should work fine on other packaged systems, adjusting the paths and commands as necessary.

First, we'll create the audit interface CGI script. We'll put this in a separate directory from the existing admin interface CGI.

    cd /usr/share/backuppc/
    mkdir audit
    cp cgi-bin/index.cgi audit/audit.cgi
    chown backuppc:backuppc audit/audit.cgi
    chmod 4755 audit/audit.cgi

Edit audit.cgi, removing the items from the ActionDispatch hash that you don't want the audit interface to have access to. The remaining actions defined here will be those that the audit user will be able to use. Something like this should work:

    my %ActionDispatch = (
        "summary"                    => "Summary",
        "view"                       => "View",
        "LOGlist"                    => "LOGlist",
        "browse"                     => "Browse",
        "dirHistory"                 => "DirHistory",
        "hostInfo"                   => "HostInfo",
        "generalInfo"                => "GeneralInfo",
    );

Create a new htpasswd file for the audit interface to use using the backuppc username and a different password from the one used by the existing backuppc user used by the default admin interface:

    htpasswd -c /etc/backuppc/htpasswd.audit backuppc

Edit the /etc/backuppc/apache.conf configuration file. You'll want to change the AllowOverride entry in the existing Directory block for the /usr/share/backuppc/cgi-bin/ directory and add a new Directory block for the /usr/share/backuppc/audit/ directory.

First, change the AllowOverride entry in the cgi-bin Directory block to read:

            AllowOverride AuthConfig Limit

Then add a block, similar to the existing block, to point to the audit directory:

    Alias /audit /usr/share/backuppc/audit/
    <Directory /usr/share/backuppc/audit/>
            AllowOverride None

            Options ExecCGI FollowSymlinks
            AddHandler cgi-script .cgi
            DirectoryIndex audit.cgi

            AuthGroupFile /etc/backuppc/htgroup
            AuthUserFile /etc/backuppc/htpasswd.audit
            AuthType basic
            AuthName "BackupPC Audit"
            require valid-user

    </Directory>

Create a /usr/share/backuppc/image/.htaccess file so that audit.cgi can access the image, css and js files located therein. Modify the "Allow" entry as needed. This will effectively restrict access for the audit interface to the hosts or networks allowed, but continue to allow authenticated admin interface users to work normally.

    Allow from 192.168.1
    Satisfy Any

Reload apache:

    /etc/init.d/apache2 reload

Connect to http://HOSTNAME/audit/ with the new backuppc password and you should see what looks like the normal admin interface. This presents all of the admin options but selecting them simply results in the re-display of the status page. No actions are taken. The audit interface will allow the user to browse backups looking for files, checking backup results and status, but they won't be able to start/stop any backup jobs, nor will they be able to restore any files or make any configuration changes.

This is by no means a perfect implementation, but it meets our need for a read-only audit interface without getting elbow-deep in the BackupPC code base.