BackupPC-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [BackupPC-users] Some directory are not in the backup

2010-09-23 08:57:22
Subject: Re: [BackupPC-users] Some directory are not in the backup
From: Les Mikesell <lesmikesell AT gmail DOT com>
To: backuppc-users AT lists.sourceforge DOT net
Date: Thu, 23 Sep 2010 07:55:15 -0500 
On 9/23/10 3:21 AM, IvyAlice wrote:
> Hello Less Micksell,
>
>
>
> Thank you for your reply.
>
> I use the daemon rsyncd cause the security guy told me that this solution is 
> more secure than using rsync/ssh without password between the machines 
> (backuppc is installed on a real server used for other things, too)

I wouldn't agree with that, but the security weaknesses are different.  With 
ssh 
keys, security depends entirely on protecting the private side of the key pair. 
  Anyone who can be root or the backuppc user on the backuppc server can steal 
the identity file and get root access to the remote servers - and you should 
assume that anyone who has physical access to the server could do this, perhaps 
by booting a live cd to bypass its passwords.  However, as long as the private 
key is protected, ssh sessions are fairly secure and the data over the network 
is encrypted.  Perhaps your security guy misunderstood and thought you needed 
to 
remove the root password, which is not necessary when using ssh keys.   Running 
rsyncd instead, you also have the issue of your passwords being stored in plain 
text on the server and the data being passed over the network without 
encryption 
- but you do have some control of which files can be accessed.

It is also possible to make the ssh connection as a non-root user, then use 
sudo 
to become root with restrictions on the possible commands.  I think the details 
for this are posted on the wiki somewhere, but basically if you permit restores 
you can pretty much do anything to the target machines anyway.


> When I launch the command from the server to the host :
> #rsync -av MyClient:backupETC
>
> #receiving incremental file list
> #drwxr-xr-x        4096 2010/09/23 07:57:29 backupETC
> #sent 12 bytes  received 47 bytes  16.86 bytes/sec


Add a trailing / to see the contents: rsync -av MyClient::backupETC/

-- 
   Les Mikesell
    lesmikesell AT gmail DOT com



------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [BackupPC-users] Mail problem with BPC, Les Mikesell
Next by Date:  Re: [BackupPC-users] Mail problem with BPC, Sorin Srbu
Previous by Thread:  [BackupPC-users] Some directory are not in the backup, IvyAlice
Next by Thread:  [BackupPC-users] smbclient and -N option, Xuo
Indexes:  [Date] [Thread] [Top] [All Lists]