secure remote backups

Ben Escoto
Mon, 19 Nov 2001 16:25:09 -0800

>>>>> "MW" == mike wolman <>
>>>>> wrote the following on Tue, 20 Nov 2001 00:23:16 +0000 (GMT)

  MW> Hi, Is it possible to use rdiff to first log in to a machine as
  MW> a normal user then su before performing the backup thus
  MW> preventing root from sshing into the remote machine directly?

Yes, kind of, but this won't eliminate the security risks, so the
primary purpose would probably be to run it on a machine not allowing
root ssh connections.

    rdiff-backup usually opens a connection to a remote host by
executing "ssh user@host rdiff-backup --server", but you can control
this using the --remote-schema option.  Instead of running
rdiff-backup directly on the remote side, you could instead run a
script that was either suid, or ran su itself, and then ran

    For instance:

rdiff-backup --remote-schema "ssh %s su root -c 'rdiff-backup --server'" foo

Will log into as user, but then ssh will immediately use
su to run 'rdiff-backup --server' as root.  (Assuming I didn't mess up
the quoting.)

    The problem for security is that however you log into the remote
machine, the rdiff-backup server is running as root (assuming you want
to preserve file ownership), so a malicious user on the local machine
could tell the server to do bad things.

Ben Escoto
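
Added example, not part of the original message: a small model of the two shell parsing passes a --remote-schema value goes through, useful for checking quoting like the message's before relying on it. It assumes rdiff-backup substitutes the host for %s and hands the result to a local shell; the host name, the function names and the second schema are constructed for illustration.

```python
import shlex

def remote_argv(schema, host="user@host"):
    """Return the argv the remote login shell builds for a schema value."""
    # Assumption: rdiff-backup replaces %s with the host and runs the
    # resulting string through a local shell (first parsing pass).
    local_argv = shlex.split(schema % host)
    if local_argv[:2] != ["ssh", host]:
        raise ValueError("model only covers 'ssh %s <command...>' schemas")
    # ssh joins its command arguments with single spaces and sends one
    # string to the remote side, so the local quoting is gone by now.
    wire_command = " ".join(local_argv[2:])
    # The remote login shell parses that string again (second pass).
    return shlex.split(wire_command)

def su_command(argv):
    """Return the single argument su receives after -c."""
    return argv[argv.index("-c") + 1]

# Schema value as it appears in the message, after the shell the user
# typed into has removed the outer double quotes.
AS_POSTED = "ssh %s su root -c 'rdiff-backup --server'"
# Constructed variant with one more quoting layer, so the single quotes
# survive the local pass and reach the remote shell.
EXTRA_LAYER = "ssh %s \"su root -c 'rdiff-backup --server'\""

if __name__ == "__main__":
    for label, schema in (("as posted", AS_POSTED), ("extra layer", EXTRA_LAYER)):
        argv = remote_argv(schema)
        print(f"{label:12} remote argv: {argv}")
        print(f"{'':12} su -c gets : {su_command(argv)!r}")
```

In this model the posted form leaves --server outside the string given to su -c, while the extra quoting layer keeps 'rdiff-backup --server' together as one argument.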
