[Dirvish] pushing backups

Mateusz Pospieszny mateusz at bellsouth.net
Tue Oct 11 15:38:03 PDT 2005


On Tue, 2005-10-11 at 17:33 -0400, Jon Radel wrote:

> Also, you should keep in mind that just because you allow ssh access to 
> your client boxes doesn't mean you have to allow interactive logins, or 
> access to commands other than rsync for that matter.  If you put some 
> effort into it, you can lock down your certificate to allow access only 
> to rsync, in which case the person who cracked your backup server can 
> only use rsync.  Not completely cracker-proof, but I wouldn't go calling 
> it "easily access."  In any case, if your backup server is fully 
> compromised, all of your data is compromised, which means that game is 
> mostly over anyway.
> 

As far as I know, the only way I can lock down the certificate to allow
access only to rsync is the "command=" option, which basically means "no
matter what the client is asking for, run this command exactly as
specified."
If I am not mistaken, I would have to specify it exactly as my backup job
invokes rsync normally. Which would mean:

1. If I change backup options on the backup server, they would be
completely ignored on the client machine; I would have to make sure all
the rsync options are properly matching the config again.

2. This is on a per-key basis, so then I would have to tell dirvish to use
as many keys per machine as it has vaults (in my case I have one
vault per partition).

In short, the stuff is starting to get a little complicated here. Maybe
there is an easier way to lock this down?
 
> BTW, on the client machine you don't need to run as root unless you're 
> backing up files only root can read.  I have some special purpose 
> servers where I use an account with little privilege to backup some 
> critical data, but I leave the system files alone, as rebuilding the 
> server would be faster than trying to do a restore.

Unfortunately I do have to back up the whole root partition on my servers
because they contain a lot of custom stuff compiled specifically for the
client machine...
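
One way around the fixed-string limitation of "command=" discussed above is to point it at a small wrapper that inspects SSH_ORIGINAL_COMMAND (set by sshd to whatever the client requested) and runs it only if it is an rsync sender invocation, so one key per client covers every vault and option change. The script below is an added example, not part of the original message or of Dirvish; the wrapper path, the key placeholder and the allowed character set are assumptions.

```shell
#!/bin/sh
# Forced-command wrapper for a pull-only backup key (added example).
# Assumed authorized_keys entry on the client, one line:
#   command="/usr/local/sbin/rsync-sender-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <KEY> backup
# /usr/local/sbin/rsync-sender-only is a hypothetical install path for this file.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Return 0 only if the requested command is an rsync server started in
# sender (read-only) mode and built from a conservative character set.
check_rsync_command() {
    case "$1" in
        # Anything outside the whitelist (quotes, ;, |, $, `, newline...) is refused.
        *[!A-Za-z0-9\ ._/=,:@+-]*) return 1 ;;
    esac
    case "$1" in
        # --sender means this host only sends files; it never receives writes.
        "rsync --server --sender "*) ;;
        *) return 1 ;;
    esac
    case " $1 " in
        # Refuse options that delete files on the sending side
        # (--remove-source-files, --remove-sent-files).
        *" --remove-"*) return 1 ;;
    esac
    return 0
}

# sshd sets SSH_ORIGINAL_COMMAND when the client asks for a command.
# With no command requested (interactive login attempt) the script simply ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_rsync_command "$SSH_ORIGINAL_COMMAND"; then
        set -f                       # no glob expansion while splitting into words
        exec $SSH_ORIGINAL_COMMAND   # deliberately unquoted: word-split only, no eval
    fi
    echo "rejected command: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

Paths containing spaces or quotes are refused by the character whitelist; widen it only for characters the backup configuration actually needs.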




