Adam Goryachev wrote at about 11:34:39 +1100 on Friday, December 4, 2009:
> Jeffrey J. Kosowsky wrote:
> > Very helpful. A few small nits...
> > Carl Wilhelm Soderstrom wrote at about 16:58:08 -0600 on Thursday,
> > December 3, 2009:
> > > chown -R rsyncbackup:users ~rsyncbackup/.ssh
> > > chmod 700 ~rsyncbackup/.ssh
> >
> > I would do '600'. No need to make it executable.
>
> A directory needs to be executable or you can't cd into it.... readable
> to get a directory listing, and writeable to create new files/directories.
>
> Note: permissions of 100 will allow you to cd into the directory, and
> modify files in the directory (if you know the filename, and have write
> permission on the file).

My bad - I was sloppy and didn't realize it was a directory.

>
> > For a slight bit of incremental security, I do:
> > ALL=NOPASSWD: /usr/bin/rsync --server --sender *
> >
> > which I believe restricts to read only (but it's not well
> > documented). Assuming that's true, then a hacker could not get write
> > access to your system (and of course write access is equivalent to
> > full ownership).
>
> Which also restricts you from doing a restore...

True -- but assuming that restores are relatively rare, then the added
security can be beneficial. And when you need to restore, just change
your sudo to allow writing and/or use another way to restore...
In fact, when I restore just a couple of files, I tend to just browse
the backuppc fuse file system (using backuppc-fuse). I can't say
enough good things about how good it is to have all my backups easily
browseable, searchable, etc. with the ability to apply the full range
and breadth of *nix utilities.
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
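
Added example, not part of the original thread: a small Python audit of the directory modes discussed above (700, 600, 100), showing what each owner bit permits on a directory and flagging a `.ssh` directory that is unusable or too open. The function names, the temporary directory and the extra mode 775 are constructed for illustration.

```python
import os
import stat
import tempfile

def owner_access(mode):
    """What the owner bits of a *directory* mode permit."""
    r = bool(mode & stat.S_IRUSR)
    w = bool(mode & stat.S_IWUSR)
    x = bool(mode & stat.S_IXUSR)
    return {
        "list": r,            # read the names stored in the directory
        "traverse": x,        # cd into it, open a file whose name is known
        "create": w and x,    # adding or removing entries needs w and x
    }

def audit_ssh_dir(path):
    """Return findings for a .ssh directory; an empty list means the mode is sane."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    mode = stat.S_IMODE(st.st_mode)
    access = owner_access(mode)
    findings = []
    if not access["traverse"]:
        findings.append("owner lacks x: keys inside cannot be opened")
    if not access["list"]:
        findings.append("owner lacks r: directory cannot be listed")
    if not access["create"]:
        findings.append("owner cannot create files here")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        # OpenSSH StrictModes ignores authorized_keys in such a directory.
        findings.append("group/other writable")
    elif mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other have access")
    return findings

def demo():
    """Apply the modes discussed in the thread, plus a group-writable one."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        ssh_dir = os.path.join(base, ".ssh")   # constructed sample, not a real home
        os.mkdir(ssh_dir)
        for mode in (0o700, 0o600, 0o100, 0o775):
            os.chmod(ssh_dir, mode)
            results[oct(mode)] = audit_ssh_dir(ssh_dir)
        os.chmod(ssh_dir, 0o700)               # restore so cleanup succeeds
    return results

if __name__ == "__main__":
    for mode, findings in demo().items():
        print(mode, findings or "ok")
```

The audit only reads the mode bits with `os.stat`, so the result is the same whether or not it runs as root.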