Re: [BackupPC-users] [newb] ssh rsync with restricted permissions
2011-04-14 17:47:44
On 4/14/2011 2:26 PM, yilam wrote:
> [...]
> That looks like an invocation using rsyncd; which I would avoid. The time to
> use rsyncd is when backing up Windows, because cygwin ssh+rsync is buggy and
> doesn't work.
>
> Keep in mind that BackupPC has both:
> $Conf{XferMethod} = 'rsyncd';
> $Conf{XferMethod} = 'rsync';
>
> You should use 'rsync' for your XferMethod unless there's a really good
> reason.
>
>
> Thank you Carl, Bowie and Les for your answers. The main advantage I saw
> using rsyncd, is in the fact that the command line can be much simplified and
> the include and exclude options can reside in the rsyncd.conf file. But I
> finally rallied Carl's advice (see also
> http://www.aboutdedupe.com/phpBB2/viewtopic.php?p=212471&sid=0612823bf08f34da225b41976ec74c1c)
> and it works.
>
>
> tom
>
> +----------------------------------------------------------------------
> |This was sent by sneaky56 AT gmx DOT net via Backup Central.
> |Forward SPAM to abuse AT backupcentral DOT com.
> +----------------------------------------------------------------------
>
> _______________________________________________
> BackupPC-users mailing list
> BackupPC-users AT lists.sourceforge DOT net
> List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki: http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/
I agree that limiting the backuppc user on the [backuppc-client]
machine to only running rsync with certain options is good practice. I
run BackupPC per the instructions at
http://backuppc.sourceforge.net/faq/ssh.html#how_can_client_access_as_root_be_avoided.
Isn't it the case, however, that when you run rsync over ssh that the
client machine logs into the [BackupPC-server] as root? My nightmare
is that a public-facing box (i.e. web server) has root access
compromised, or at the very least the private key in
[BackupPC-client]/home/backuppc-user/.ssh/id_rsa is exposed. Then the
bad guy could run 'ssh -i /home/backuppc-user/.ssh/id_rsa
backuppc-server.mydomain.com' and get ROOT access to the backup server.
Am I missing something?
-Chris
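
Added example, not part of the original post or of BackupPC: the worry above is a stolen private key that yields an unrestricted root shell, so this sketch audits an authorized_keys file for entries lacking a forced `command=`, a `from=` restriction, or `restrict`. The sample entries, placeholder key blobs, addresses and the `/usr/local/bin/rsync-only` wrapper path are constructed assumptions.

```python
import re

# Key-type tokens, the options field, and single options (quotes may hold commas/spaces).
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp\d+|sk-[\w-]+@openssh\.com)$")
FIELD = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')   # up to first unquoted whitespace
OPTION = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')   # split on unquoted commas

# Constructed sample: key blobs are placeholders, the wrapper path is hypothetical.
SAMPLE = "\n".join([
    "# authorized_keys for root (constructed)",
    "ssh-rsa AAAAB3PLACEHOLDER backuppc@server",
    'command="/usr/local/bin/rsync-only",from="192.0.2.10,192.0.2.11",restrict '
    "ssh-ed25519 AAAAC3PLACEHOLDER backuppc@server",
    'from="192.0.2.10",no-pty ssh-rsa AAAAB3PLACEHOLDER old-key',
])

def split_options(line):
    """Return (options dict, remainder) for one authorized_keys entry."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}, line                      # entry starts with the key type: no options
    m = FIELD.match(line)
    field = m.group(0) if m else ""
    opts = {}
    for o in OPTION.findall(field):
        name, _, value = o.partition("=")
        opts[name.lower()] = value.strip('"')
    return opts, line[len(field):].strip()

def audit(text):
    """List (line number, problems) for entries a stolen key could abuse."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts, _ = split_options(line)
        problems = []
        if "command" not in opts:
            problems.append("no forced command: key grants a shell")
        if "from" not in opts:
            problems.append("no from=: key usable from any host")
        if "restrict" not in opts and not {"no-pty", "no-port-forwarding"} <= opts.keys():
            problems.append("pty or port forwarding still allowed")
        if problems:
            findings.append((n, problems))
    return findings
```

Running `audit()` over the authorized_keys file of each account that accepts a backup key shows which entries would hand over more than the single rsync invocation if the matching private key leaked.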