unattended rdiff-backup / ssh configuration
Mon, 13 May 2002 17:58:39 -0700 (PDT)
On Mon, 13 May 2002, Ben Escoto wrote:
> >>>>> "DG" == dean gaudet <firstname.lastname@example.org>
> >>>>> wrote the following on Mon, 13 May 2002 10:59:48 -0700 (PDT)
> DG> oh yeah, another feature request :) a "--server-read-only"
> DG> command line option which would restrict rdiff-backup to running
> DG> as a source server only. that would protect a server from ever
> DG> being a target in an unattended backup setup. it would tighten
> DG> security a bit.
> DG> i suppose also a "--server-write-only /path/to/mirror" would be
> DG> appropriate in the other direction.
> This is definitely a good idea, but is suprisingly difficult given the
> way the protocol is. Also, I think the --server-write-only switch
> wouldn't be worth much without chroot'ing (because otherwise someone
> could add in a well-timed symlink and get rdiff-backup to overwrite
> whatever they wanted) and right now chroot'ing is difficult because
> rdiff-backup depends on rdiff.
yeah i had been thinking about chroot... and the more i think about it,
even the --server-read-only is somewhat superfluous given the existence of
snapshot-capable volume managers such as LVM, EVMS, vxvm, ...
once i iron out some other kinks i'll be using LVM to take a snapshot
before the backup starts. then i'll be doing the backup off the read-only
snapshot. if i throw in a chroot (with appropriate magic for rdiff) then
i'll get most of the protection i want.
the only additional thing i'd like is if i could run the backup as a
non-root user which has root read access. i think i'll go pester
linux-kernel and see if anyone has any suggestions :)