BackupPC-users

Re: [BackupPC-users] security & web server questions

2013-07-06 19:40:13
From: Igor Sverkos <igor.sverkos AT googlemail DOT com>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Sun, 7 Jul 2013 01:38:43 +0200
Hi,

I can understand the question. If BackupPC uses root permissions,
your BackupPC will become the No. 1 target, because when an attacker
controls your BackupPC, she can access every box within your network
as root. Not something you really want. And in business, you will have
multiple sysadmins... As the VPN/firewall admin you want your
servers to be backed up, but you shouldn't trust your colleague who
is running the backup server too much, because it is your ass that
will get kicked when someone compromises the systems under your
responsibility.

Two ways we are using:
1) If you really know which folders you want to be backed up, create a
user "backup" and add an ACL which allows the user "backup" to read
these folders.

2) If you don't know which folders you want to be backed up, or you want
to back up everything, also create a user "backup" and lock it down.
Now, create a copy of rsync. Make sure only the user "backup" can
execute this file. Set the CAP_DAC_READ_SEARCH capability on the
private rsync copy. Now the user "backup" can access all your data
like root can, but if anybody gets access to that user on that
box, he/she is very limited.


-- 
Regards.
Igor
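
The two setups described in the message above, as an added example that is not part of the original post or of BackupPC: the install functions show the commands on a client, and the audit functions check that the private rsync copy carries exactly CAP_DAC_READ_SEARCH and is executable only via the "backup" group. The path `/usr/local/backup/rsync`, a group "backup" whose only member is the user "backup", and all function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumed: path /usr/local/backup/rsync, group "backup" whose
# only member is the user "backup", and all function names.

# Option 1: read-only ACL on known directories (X = traverse dirs only).
grant_read_acl() {
    setfacl -R -m u:backup:rX "$@"      # existing files
    setfacl -R -d -m u:backup:rX "$@"   # default ACL for files created later
}

# Option 2: private rsync copy with CAP_DAC_READ_SEARCH. Run as root.
install_private_rsync() {
    dst=${1:-/usr/local/backup/rsync}
    mkdir -p "$(dirname "$dst")"
    cp "$(command -v rsync)" "$dst"
    chown root:backup "$dst"   # root-owned, so "backup" cannot replace it
    chmod 0750 "$dst"          # no execute for anyone outside the group
    # setcap last: chown and writes to the file strip file capabilities.
    setcap cap_dac_read_search+ep "$dst"
}

# True only if a getcap line grants exactly cap_dac_read_search (e+p).
# Accepts "file = cap+ep" (older libcap) and "file cap=ep" (newer libcap).
caps_exact() {
    caps=${1##* }              # last field is the capability set
    case $caps in
        cap_dac_read_search+ep|cap_dac_read_search=ep) return 0 ;;
        *) return 1 ;;
    esac
}

# True only if "mode owner group" (stat -c '%a %U %G' FILE) is root:backup
# with no group write and nothing for others.
perms_exact() {
    set -- $1
    [ "$2" = root ] && [ "$3" = backup ] || return 1
    case $1 in 750|550) return 0 ;; *) return 1 ;; esac
}

# Live use: audit_private_rsync "$(stat -c '%a %U %G' "$f")" "$(getcap "$f")"
audit_private_rsync() {
    perms_exact "$1" || { echo "FAIL perms: $1"; return 1; }
    caps_exact "$2" || { echo "FAIL caps: $2"; return 1; }
    echo OK
}

# Constructed sample lines, not captured from a real host.
audit_private_rsync "750 root backup" "/usr/local/backup/rsync cap_dac_read_search=ep"
audit_private_rsync "755 root root" "/usr/local/backup/rsync = cap_dac_read_search+ep" || true
```

Re-run the audit after package updates or file moves, since replacing or rewriting the binary drops the capability and a plain copy of rsync will silently lose read access to root-only files.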
