{"id":3087,"date":"2020-02-05T11:58:45","date_gmt":"2020-02-05T10:58:45","guid":{"rendered":"https:\/\/esferas.org\/msqlu\/?p=3087"},"modified":"2020-02-05T11:58:45","modified_gmt":"2020-02-05T10:58:45","slug":"backuppc-usuarios-y-administracion","status":"publish","type":"post","link":"https:\/\/esferas.org\/msqlu\/2020\/02\/05\/backuppc-usuarios-y-administracion\/","title":{"rendered":"BackupPC: users and administration"},"content":{"rendered":"<p>This program's web interface gives access to everything. And I mean everything. So much so that, because the backups are not encrypted, it is possible to read <strong>any<\/strong> file from <strong>any<\/strong> machine at <strong>any<\/strong> point in time at which it was backed up. <\/p>\n\n\n\n<!--more-->\n\n\n\n<p>So one of the first things to do is protect that very useful and very accessible interface. Unfortunately there are not many built-in options, because it relies on long-established external mechanisms such as the <em>authentication<\/em> of CGI scripts. If the CGI variable <em>REMOTE_USER<\/em> is set externally, the program uses it to limit or deny access. <\/p>\n\n\n\n<p>This leaves us free to use any mechanism that the web server (Apache in my case) uses to set that variable, but on the other hand it adds the nuisance of having no session control. Setting the user is dead easy. The hard part is removing it, because HTTP authentication, which is what I am talking about, works with no persistence at all, neither <em>cookies<\/em> nor sessions, and the server has no way of asking the browser to resend credentials. The browser, once it has seen that the URL asks for them, keeps sending them continuously. 
<\/p>\n\n\n\n<p>If Apache uses <a href=\"http:\/\/toma2tazas.descargasdigitales.es\/2008\/09\/apache-como-usar-digest-authentication-en-lugar-de-basic-authentication\/\">Digest authentication<\/a>, which is not the case here, there is a <a href=\"https:\/\/httpd.apache.org\/docs\/current\/mod\/mod_auth_digest.html#authdigestnoncelifetime\">directive<\/a> called <code>AuthDigestNonceLifetime<\/code> that limits its lifetime and sends an HTTP 401 response once the period expires. With <a href=\"https:\/\/en.wikipedia.org\/wiki\/Basic_access_authentication\">Basic authentication<\/a> this is not possible because it was not designed that way. <\/p>\n\n\n\n<p>You have to play with other factors, such as the browser, or with some kind of <em>trick<\/em> on the server side, perhaps using an intermediate proxy that does keep some kind of session. Several things occur to me, but I will have to make do with what there is. <\/p>\n\n\n\n<p>In this case, and coming back to BackupPC, it is worth remembering two things: the web interface is only an interface to the real backup program, and it is best to limit as far as possible the users who have administrative access, using the program's configuration:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$Conf{CgiAdminUsers}     = 'admin';<\/pre>\n\n\n\n<p>Bearing very much in mind that the name is irrelevant and that it does not have to exist either on the system or in the program's environment. 
It is only the value that must appear in the <em>REMOTE_USER<\/em> variable mentioned earlier.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">References<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"http:\/\/backuppc.sourceforge.net\/faq\/BackupPC.html#_conf_cgiadminusers_\">BackupPC Web Interface<\/a><\/li><li><a href=\"https:\/\/httpd.apache.org\/docs\/2.4\/howto\/auth.html\">Apache2.4: Authentication and Authorization<\/a><\/li><li><a href=\"https:\/\/httpd.apache.org\/docs\/current\/mod\/mod_cgi.html\">Apache Module mod_cgi<\/a><\/li><li><a href=\"https:\/\/en.wikipedia.org\/wiki\/Common_Gateway_Interface\">Wikipedia: Common Gateway Interface<\/a><\/li><li><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/unix.stackexchange.com\/questions\/145966\/how-to-set-an-expired-authentication-in-apache\" target=\"_blank\">How to set an expired authentication in Apache?<\/a><\/li><li><a href=\"https:\/\/superuser.com\/questions\/181547\/firefox-quickly-forget-http-basic-auth\">Firefox quickly forget HTTP Basic Auth<\/a><\/li><li><a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Authentication\">Mozilla MDN: HTTP authentication<\/a><\/li><li><a href=\"https:\/\/stackoverflow.com\/questions\/14317141\/rest-services-basic-auth-session-timeout\">REST services basic auth session timeout<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>This program's web interface gives access to everything. And I mean everything. 
So much so that, because the backups are not encrypted, it is possible to read any file from any machine at any point in time at which it was backed up.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","webmentions_disabled_pings":false,"webmentions_disabled":false,"footnotes":""},"categories":[2],"tags":[75,903,34,953,35,44],"class_list":["post-3087","post","type-post","status-publish","format-standard","hentry","category-software","tag-apache","tag-backuppc","tag-backups","tag-cgi","tag-seguridad","tag-servicios-web"],"_links":{"self":[{"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/posts\/3087","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/comments?post=3087"}],"version-history":[{"count":8,"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/posts\/3087\/revisions"}],"predecessor-version":[{"id":3345,"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/posts\/3087\/revisions\/3345"}],"wp:attachment":[{"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/media?parent=3087"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/categories?post=3087"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/esferas.org\/msqlu\/wp-json\/wp\/v2\/tags?post=3087"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}