Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer)
2009-12-03 19:37:32
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jeffrey J. Kosowsky wrote:
> Very helpful. A few small nits...
> Carl Wilhelm Soderstrom wrote at about 16:58:08 -0600 on Thursday, December
> 3, 2009:
> > chown -R rsyncbackup:users ~rsyncbackup/.ssh
> > chmod 700 ~rsyncbackup/.ssh
>
> I would do '600'. No need to make it executable.
A directory needs to be executable or you can't cd into it.... readable
to get a directory listing, and writeable to create new files/directories.
Note: permissions of 100 will allow you to cd into the directory, and
modify files in the directory (if you know the filename, and have write
permission on the file).
> For a slight bit of incremental security, I do:
> ALL=NOPASSWD: /usr/bin/rsync --server --sender *
>
> which I believe restricts to read only (but it's not well
> documented). Assuming that's true, then a hacker could not get write
> access to your system (and of course write access is equivalent to
> full ownership).
Which also restricts you from doing a restore...
Hope that helps.
Regards,
Adam
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAksYWR8ACgkQGyoxogrTyiVYzQCfa+2XlMASzPqGCticyf05RvK5
rA4AnjbOPEjSjne5g6AenATWUb0JTcOP
=GMDm
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Join us December 9, 2009 for the Red Hat Virtual Experience,
a free event focused on virtualization and cloud computing.
Attend in-depth sessions from your desk. Your couch. Anywhere.
http://p.sf.net/sfu/redhat-sfdev2dev
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [BackupPC-users] Problems to backup linux network computer, (continued)
- Re: [BackupPC-users] Problems to backup linux network computer, Jose Torres
- Re: [BackupPC-users] Problems to backup linux network computer, Les Mikesell
- Re: [BackupPC-users] Problems to backup linux network computer, Jose Torres
- Re: [BackupPC-users] Problems to backup linux network computer, Les Mikesell
- Re: [BackupPC-users] Problems to backup linux network computer, Jose Torres
- [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer), Carl Wilhelm Soderstrom
- Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer), Jeffrey J. Kosowsky
- Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer),
Adam Goryachev <=
- Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer), Jeffrey J. Kosowsky
- Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer), Carl Wilhelm Soderstrom
- Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer), Jeffrey J. Kosowsky
- Re: [BackupPC-users] Problems to backup linux network computer, Sebastiaan van Erk
|
|
|