BackupPC-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer)

2009-12-04 00:59:15
Subject: Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer)
From: "Jeffrey J. Kosowsky" <backuppc AT kosowsky DOT org>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Fri, 04 Dec 2009 00:55:42 -0500 
Adam Goryachev wrote at about 11:34:39 +1100 on Friday, December 4, 2009:
 > Jeffrey J. Kosowsky wrote:
 > > Very helpful. A few small nits...
 > > Carl Wilhelm Soderstrom wrote at about 16:58:08 -0600 on Thursday, 
 > > December 3, 2009:
 > >  > chown -R rsyncbackup:users ~rsyncbackup/.ssh
 > >  > chmod 700 ~rsyncbackup/.ssh
 > > 
 > > I would do '600'. No need to make it executable.
 > 
 > A directory needs to be executable or you can't cd into it.... readable
 > to get a directory listing, and writeable to create new files/directories.
 > 
 > Note: permissions of 100 will allow you to cd into the directory, and
 > modify files in the directory (if you know the filename, and have write
 > permission on the file).

My bad - I was sloppy and didn't realize it was a directory.

 > 
 > > For a slight bit of incremental security, I do:
 > >    ALL=NOPASSWD: /usr/bin/rsync --server --sender *
 > > 
 > > which I believe restricts to read only (but it's not well
 > > documented). Assuming that's true, then a hacker could not get write
 > > access to your system (and of course write access is equivalent to
 > > full ownership).
 > 
 > Which also restricts you from doing a restore...

True -- but assuming that restores are relatively rare, then the added
security can be beneficial. And when you need to restore, just change
your sudo to allow writing and/or use another way to restore...

In fact, when I restore just a couple of files, I tend to just browse
the backuppc fuse file system (using backuppc-fuse). I can't say
enough good things about how good it is to have all my backups easily
browseable, searchable, etc. with the ability to apply the full range
and breadth of *nix utilities.


------------------------------------------------------------------------------
Join us December 9, 2009 for the Red Hat Virtual Experience,
a free event focused on virtualization and cloud computing. 
Attend in-depth sessions from your desk. Your couch. Anywhere.
http://p.sf.net/sfu/redhat-sfdev2dev
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer), Adam Goryachev
Next by Date:  Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer), Carl Wilhelm Soderstrom
Previous by Thread:  Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer), Adam Goryachev
Next by Thread:  Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer), Carl Wilhelm Soderstrom
Indexes:  [Date] [Thread] [Top] [All Lists]