rhwalker Posted May 21, 2008 Report Share Posted May 21, 2008 This has got to change. I know of no other user-level program that runs as root -- not even other backup programs. Sorry, you are horribly misinformed. If Retrospect did not run as root, it would not have read access to back up all files, and it would not be able to open devices, etc. It's so sad that you have such little understanding of the Unix underpinnings, and that you refuse to do the simple troubleshooting steps that Robin has suggested. You don't want to solve your problem; you just want to rant. running as root is a security risk (what if Retrospect went awry? It could delete whatever it wanted!) and causes problems with other software such as input methods (SpellCatcher X, notably). You've got two choices. Either supply the password each time Retrospect launches, or give Retrospect the credentials it needs. Programs that need low level access to all files to back them up need root credentials. Every such program is a security risk. If that's unacceptable to you, then don't run Retrospect or any other backup program. Will this change in Retrospect X? It can't if you expect Retrospect to back everything up, as I do for our server. Russ Quote Link to comment Share on other sites More sharing options...
mbizer Posted May 21, 2008 Author Report Share Posted May 21, 2008 It's so sad that you have such little understanding of the Unix underpinnings, and that you refuse to do the simple troubleshooting steps that Robin has suggested. That's quite an assumption you're making. I followed all of them to the letter, spent many hours doing so, and they made no difference. The fact is that I appear to be the only one on this thread who has any experience with Time Capsule. You don't want to solve your problem; you just want to rant. Au contraire, my friend -- it would be helpful if you would get your facts straight. And I don't know why you're responding here unless you have direct experience with Time Capsule. Programs that need low level access to all files to back them up need root credentials. It can't if you expect Retrospect to back everything up, as I do for our server. Is that so? Many of us rely on SuperDuper to make mirror, bootable images of our hard drives. It runs as administrator, not as root (unless I'm mistaken). Again, I don't know of any other backup programs -- or programs period -- that run as root (as opposed to administrator). I'm happy to be corrected. And I'm pointing out that the fact that Retrospect runs as root causes problems with other programs, such as Input Methods. Quote Link to comment Share on other sites More sharing options...
Mayoff Posted May 21, 2008 Report Share Posted May 21, 2008 I know of no other user-level program that runs as root -- not even other backup programs Please give me an example of a good backup program that has access to all the files on your computer that does not run as root or use a sudo command (which is basically root). Most user-level programs do not run as root, because they do not need total access to everything on the computer. Yes, Retrospect can delete whatever it wants. I can't imagine other backup software doesn't run as root. I confirmed that SuperDuper runs as root. If Retrospect didn't run as root, how would it have total and complete access to all files on your computer for backup? How could Retrospect do a full and complete system restore of your computer for Disaster Recovery? If you would like Retrospect to be limited, and be unable to access everything on the computer... Then I can post your feedback as a feature request. :rollie: Quote Link to comment Share on other sites More sharing options...
rhwalker Posted May 21, 2008 Report Share Posted May 21, 2008 Is that so? Many of us rely on SuperDuper to make mirror, bootable images of our hard drives. It runs as administrator, not as root (unless I'm mistaken). Yes, it's so. You are mistaken. I checked. Again, I don't know of any other backup programs -- or programs period -- that run as root (as opposed to administrator). I'm happy to be corrected. And I'm pointing out that the fact that Retrospect runs as root causes problems with other programs, such as Input Methods. I'm sorry your experience and knowledge is so limited, because you post with such authority. Just what university granted you your Bachelor's Degree and Master's Degree in Electrical Engineering and Computer Science? I'd like to know so that I could warn others. Just how many Unix ports and years of Unix internals have you done? Your experience seems so great. Russ Quote Link to comment Share on other sites More sharing options...
Mayoff Posted May 21, 2008 Report Share Posted May 21, 2008 Okay, things are getting out of hand and off the original topic. Hopefully my Time Capsule will come this week, and I can do first hand testing. I don't know why you keep getting the password request, but in my current environment, I can not reproduce the problem. Just wondering, have you tried installing Retrospect on another Mac to see what happens when trying to connect to the Time Capsule after checking the save to keychain options? Does it still ask for the password? Quote Link to comment Share on other sites More sharing options...
CallMeDave Posted May 21, 2008 Report Share Posted May 21, 2008 Many of us rely on SuperDuper to make mirror, bootable images of our hard drives. It runs as administrator, not as root (unless I'm mistaken). You are not mistaken, yet you are wrong. SuperDuper!.app, the sweet cocoa application, runs as an administrator. But SuperDuper! doesn't do the actual work of copying files; that job is handled by the unix processes you'll find inside the package, such as SuperDuper!.app/Contents/MacOS/SDAgent and SuperDuper!.app/Contents/MacOS/SDCopy Those processes do, in fact, run as root. As well they would have to, or SuperDuper! would _not_ be able to do what you want it to do. Now, I also believe that the KnowledgeBase article about requiring a user to log in the OS X Finder as root in order to initially save a Catalog or File Backup Set to a remote share is out-of-date or just misleading. I really depends on the configuration of the share, and on where in that share's directory structure the user wants to save the file. And I'm also suspicious of the need for using the OS X keychain for this; if Keychain were truly supported, what is the need/use of the password field in Retrospect? Programs that use Keychain items just use them; they don't require a duplicate of the appropriate credentials. Now it's possible that Time Capsule implements AFP different then other Apple file server software, so if the steps you take behave differently then they do when the remote share is hosted on OS X Server 10.4 or 10.5, that would be worthy of testing. Robin has suggested that he'll try this with the same hardware that you are using; hopefully that will show if this is a red herring or a real issue. Dave Quote Link to comment Share on other sites More sharing options...
mbizer Posted May 21, 2008 Author Report Share Posted May 21, 2008 Now, I also believe that the KnowledgeBase article about requiring a user to log in the OS X Finder as root in order to initially save a Catalog or File Backup Set to a remote share is out-of-date or just misleading. I really depends on the configuration of the share, and on where in that share's directory structure the user wants to save the file. Thanks. And I'm also suspicious of the need for using the OS X keychain for this; if Keychain were truly supported, what is the need/use of the password field in Retrospect? Programs that use Keychain items just use them; they don't require a duplicate of the appropriate credentials. Good point. Now it's possible that Time Capsule implements AFP different then other Apple file server software, so if the steps you take behave differently then they do when the remote share is hosted on OS X Server 10.4 or 10.5 I believe that this is the case, but I could be mistaken! Quote Link to comment Share on other sites More sharing options...
Mayoff Posted May 21, 2008 Report Share Posted May 21, 2008 (edited) Now, I also believe that the KnowledgeBase article about requiring a user to log in the OS X Finder as root in order to initially save a Catalog or File Backup Set to a remote share is out-of-date or just misleading Okay, I will agree with Dave on this. The article is feeling out of date, specifically under Leopard, but I do not plan on updating it right now. Results are too inconsistent and different from one OS/hardware configuration to another. From my additional testing today, it seemed like checking the keychain box was more important then logging in as root. Retrospect is not keychain aware, but the Finder and Retrospect seemed happier once the box was checked for the keychain. Edited May 21, 2008 by Guest Quote Link to comment Share on other sites More sharing options...
mbizer Posted May 22, 2008 Author Report Share Posted May 22, 2008 From my additional testing today, it seemed like checking the keychain box was more important then logging in as root. Retrospect is not keychain aware, but the Finder and Retrospect seemed happier once the box was checked for the keychain. Are you talking about the save in keychain dialog in the Finder? I see that one, but I don't see an option in Retrospect. Quote Link to comment Share on other sites More sharing options...
Mayoff Posted May 22, 2008 Report Share Posted May 22, 2008 Correct. The finder pops up the screen with the button to save in keychain. Every time I checked that box, it worked perfectly for me. My Time Capsule should be available for testing next week. Quote Link to comment Share on other sites More sharing options...
mbizer Posted May 23, 2008 Author Report Share Posted May 23, 2008 Just wondering, have you tried installing Retrospect on another Mac to see what happens when trying to connect to the Time Capsule after checking the save to keychain options? Does it still ask for the password? I just confirmed -- my wife's computer doesn't ask for a password, so it's some problem with my configuration. Wish I knew how to fix the problem! Quote Link to comment Share on other sites More sharing options...
Mayoff Posted May 23, 2008 Report Share Posted May 23, 2008 You could try hiding the Retrospect folder under library/preferences and reconfigure Retrospect. That will totally reset the knowledge of network volumes in Retrospect. Quote Link to comment Share on other sites More sharing options...
Mayoff Posted May 27, 2008 Report Share Posted May 27, 2008 Okay. I have tested with Time Capsule. It worked exactly like the Windows NAS I worked with previously. I just check the box to add my login to the keychain. Retrospect then never asks for the password again. Quote Link to comment Share on other sites More sharing options...
mbizer Posted May 27, 2008 Author Report Share Posted May 27, 2008 Right but connecting initially as root (during config) isn't necessary. Quote Link to comment Share on other sites More sharing options...
Mayoff Posted May 27, 2008 Report Share Posted May 27, 2008 Right but connecting initially as root (during config) isn't necessary. This is correct. It appears that Leopard has helped Retrospect workaround the need for this. Quote Link to comment Share on other sites More sharing options...
mbizer Posted June 18, 2008 Author Report Share Posted June 18, 2008 Will, the difference between SuperDuper! and Retrospect is that SD uses GUI-less helper tools that run as root. As I wrote above, Retrospect wreaks havoc with SpellCatcher, which runs as an input method: when Retrospect is launched, the chosen input method changes randomly, and it doesn't revert when one switches out of Retrospect. The developer of SpellCatcher emphasizes the problem as follows: "When GUI apps decide to run themselves as root (highly discouraged, only helper tools should be run suid, as SuperDuper! correctly does) all bets are off." So can you please make sure that this is on the list of requests for Retrospect X? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.