On Mon, Aug 14, 2006 at 09:06:19PM +0100, Alan Pearson wrote:
>
>
> On 14 Aug 2006, at 20:37, Henning Brauer wrote:
>
> >>there an established method for keeping privileges lower when
> >>doing dumps, i.e.
> >>add a user who can dump and not using root to do this?
> >
> >you don't need root to do backups, a member of group operator is
> >sufficient. we add a special backup user to each machine and restrict
> >the access via ssh key a fair little bit more, like
>
> I presume root is need for tar, as it need file permissions ?
On the client a compiled, wrapper program, "runtar" is used
to call tar. runtar is installed owned by root and setuid'ed.
--
Jon H. LaBadie jon AT jgcomp DOT com
JG Computing
4455 Province Line Road (609) 252-0159
Princeton, NJ 08540-4322 (609) 683-7220 (fax)
|