BackupPC-users

Re: [BackupPC-users] Why should I use root to connect to host

2008-07-29 19:17:20
From: Holger Parplies <wbppc AT parplies DOT de>
To: brunal <brunal2496 AT gmail DOT com>, Gian Carlo Stagni <ingats AT tin DOT it>
Date: Wed, 30 Jul 2008 01:16:36 +0200
Hi,

brunal wrote on 2008-07-29 16:09:12 +0200 [[BackupPC-users] Why should I use 
root to connect to host]:
> 
> Indeed, the server i want to backup is the main server of my network,  
> and pretty well secured. That means, hence, that root cannot have  
> access to the server through ssh, only non-root user can.

for similar reasons, I NFS mount a directory from my NFS server on the
BackupPC server and do a local backup through 'sudo'. The directory is
exported anyway, and I still use the name of the NFS server for the
configuration (and thus ping that machine). Only my ClientCmd happens not
to contain 'ssh' or '$host'.

I don't know if this is applicable to your server too, I just wanted to
mention the idea. Note though, that NFS is probably slower than ssh.

Gian Carlo Stagni wrote on 2008-07-29 23:49:29 +0200 [Re: [BackupPC-users] Why 
should I use root to connect to host]:
> Chris Robertson wrote:
> > brunal wrote:
> >>
> >> One question that I dont understand : can I use another user than  
> >> root to connect to my host?
> > 
> > The only reason to connect as root is to make sure you have access to 
> > all the files you want to back up.
> I believe you can properly verify it by logging in as the effective user
> (backuppc) that performs the backup.
> 
> >> And on my host side, a user backuppc exists and has access to all the  
> >> necessary folders and files. Should this configuration work?
> > Since you have this condition met, you should be fine.
> IMHO this is a security risk if sudo is not used.

Permissions set in some specific way are *not* a security risk, provided they
are meant to be set like that. You can export public(ly readable) content from
a secure server and do backups without special privileges. You can give the
backuppc user access to confidential content, as long as you realize that you
are doing just that: giving access to confidential content. Whether you do
that via permissions or via sudo is irrelevant. If someone gains access to the
backuppc user account on the BackupPC server, he can access the content. There
is no way around that.

An attacker gaining a root shell on the server is more harmful than "just"
access to the data (because a root shell usually gives you that access anyway),
so not using root ssh access makes perfect sense.

I agree that sudo is a more comfortable way to give the backuppc user access
to *all* files, but trying to limit that to just some files can be a pain. In
any case, you have [at least] the rsync command running with root privileges,
which may be an attack vector you want to avoid. I admit I'm not really
concerned about this risk, but I wouldn't say "nothing running with root
privileges" is security-wise inferior.

Of course, 'chmod -R o=u /' just so the backuppc user can access everything is
*not a good idea*, but I suspect that is not what Bruno had in mind :-).

Regards,
Holger
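The NFS-mount-plus-sudo setup Holger describes above, written out as a per-host BackupPC 3.x config fragment. This is an added example, not text from Holger's message and not code shipped by the BackupPC project; the host name "nfsserver", the mount point /mnt/nfsserver/export and the per-host file name are assumptions. The $Conf{...} keys and the '$rsyncPath $argList+' placeholders are the standard ones from config.pl. One caveat that the message does not spell out: an NFS export with the default root_squash maps root on the BackupPC server to nobody, so sudo on the client side only helps if the exported files are readable by that squashed identity or the export uses no_root_squash (which carries its own risk).

```perl
# Per-host BackupPC config, e.g. pc/nfsserver.pl (BackupPC 3.x syntax).
# Added example; host name, mount point and paths are assumptions.
#
# The host entry is still the NFS server, so BackupPC pings that machine,
# but the transfer runs rsync on the BackupPC server over the mounted export
# instead of ssh'ing to the NFS server as root.

$Conf{XferMethod} = 'rsync';

# Local mount point of the export; for XferMethod rsync the share name is
# simply the path rsync is asked to read.
$Conf{RsyncShareName} = '/mnt/nfsserver/export';

# No $sshPath and no $host in the command: rsync runs locally, elevated with
# sudo so it can read files the backuppc account itself cannot.
$Conf{RsyncClientCmd} = '/usr/bin/sudo $rsyncPath $argList+';

# Restoring back onto the mount through the same host would also need sudo,
# and a sudoers rule broad enough to let rsync *write* as root. Leave it
# unset here and restore by other means rather than grant that.
# $Conf{RsyncClientRestoreCmd} = '/usr/bin/sudo $rsyncPath $argList+';

# Keep the default ping: an unreachable NFS server is then reported as
# "host not alive" instead of surfacing as rsync hanging on a stale mount.
$Conf{PingCmd} = '$pingPath -c 1 $host';

# Matching sudoers entry (edit with visudo). Restricting it to rsync's
# server-side "sender" form limits what the backuppc account can do with
# its root-level sudo to sending file data, not writing as root:
#
#   backuppc ALL=(root) NOPASSWD: /usr/bin/rsync --server --sender *
```

The sudoers pattern is the part that addresses Holger's "rsync running with root privileges" concern: the process still runs as root, but the backuppc account cannot turn the rule into an arbitrary root write or shell, since only the read-side rsync invocation matches.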

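Gian Carlo's suggestion above, to verify the permissions by logging in as the user that actually performs the backup, as a small script. This is an added example, not from the thread or from BackupPC; it assumes GNU find (for -readable and -executable). Run it as the backup account, e.g. `sudo -u backuppc sh check_readable.sh /srv/export`, and every path it prints is something a non-root rsync would silently skip.

```sh
#!/bin/sh
# Added example. Lists everything under a directory that the *current* user
# cannot read (files) or cannot read/enter (directories). Assumes GNU find.

# check_readable DIR: print unreadable paths, return 1 if there were any.
# find does not descend into a directory it cannot enter, so such a directory
# is listed once and its contents are not; stderr noise from that is dropped.
check_readable() {
    dir=$1
    missed=$(find "$dir" \( -type f ! -readable \) \
                         -o \( -type d ! -readable \) \
                         -o \( -type d ! -executable \) 2>/dev/null | sort -u)
    if [ -n "$missed" ]; then
        printf '%s\n' "$missed"
        return 1
    fi
    return 0
}

# count_unreadable DIR: number of paths check_readable would report.
count_unreadable() {
    check_readable "$1" | wc -l | tr -d ' '
}

# Command-line use: check_readable.sh DIR ; exit status 1 means gaps exist.
if [ "$#" -ge 1 ]; then
    check_readable "$1"
    exit $?
fi
```

Note that running this as root proves nothing, since root bypasses DAC read checks; the result is only meaningful under the account whose permissions you are questioning. Holger's point stands either way: whatever the script reports unreadable is exactly the set you would be opening up by fixing it, whether via chmod/chgrp or by wrapping rsync in sudo.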
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/