-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeffrey J. Kosowsky wrote:
> Very helpful. A few small nits...
> Carl Wilhelm Soderstrom wrote at about 16:58:08 -0600 on Thursday, December 
> 3, 2009:
>  > chown -R rsyncbackup:users ~rsyncbackup/.ssh
>  > chmod 700 ~rsyncbackup/.ssh
> 
> I would do '600'. No need to make it executable.

A directory needs to be executable or you can't cd into it.... readable
to get a directory listing, and writeable to create new files/directories.

Note: permissions of 100 will allow you to cd into the directory, and
modify files in the directory (if you know the filename, and have write
permission on the file).

> For a slight bit of incremental security, I do:
>       ALL=NOPASSWD: /usr/bin/rsync --server --sender *
> 
> which I believe restricts to read only (but it's not well
> documented). Assuming that's true, then a hacker could not get write
> access to your system (and of course write access is equivalent to
> full ownership).

Which also restricts you from doing a restore...

Hope that helps.

Regards,
Adam
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAksYWR8ACgkQGyoxogrTyiVYzQCfa+2XlMASzPqGCticyf05RvK5
rA4AnjbOPEjSjne5g6AenATWUb0JTcOP
=GMDm
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Join us December 9, 2009 for the Red Hat Virtual Experience,
a free event focused on virtualization and cloud computing. 
Attend in-depth sessions from your desk. Your couch. Anywhere.
http://p.sf.net/sfu/redhat-sfdev2dev
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/