unattended rdiff-backup / ssh configuration
Mon, 13 May 2002 17:45:56 -0700
Content-Type: text/plain; charset=us-ascii
>>>>> "DG" == dean gaudet <firstname.lastname@example.org>
>>>>> wrote the following on Mon, 13 May 2002 10:59:48 -0700 (PDT)
DG> just thought i'd share this configuration tip with folks -- ben
DG> you may wish to include this on your webpage or in the docs
Thanks - I added a link under the Documentation section of the front
DG> oh yeah, another feature request :) a "--server-read-only"
DG> command line option which would restrict rdiff-backup to running
DG> as a source server only. that would protect a server from ever
DG> being a target in an unattended backup setup. it would tighten
DG> security a bit.
DG> i suppose also a "--server-write-only /path/to/mirror" would be
DG> appropriate in the other direction.
This is definitely a good idea, but is suprisingly difficult given the
way the protocol is. Also, I think the --server-write-only switch
wouldn't be worth much without chroot'ing (because otherwise someone
could add in a well-timed symlink and get rdiff-backup to overwrite
whatever they wanted) and right now chroot'ing is difficult because
rdiff-backup depends on rdiff.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Exmh version 2.5 01/15/2001
-----END PGP SIGNATURE-----