[Dirvish] Re: pushing backups

Matthew Palmer mpalmer at hezmatt.org
Tue Oct 11 16:25:22 PDT 2005


On Tue, Oct 11, 2005 at 12:56:55PM -0400, Mateusz Pospieszny wrote:
> I was just wondering, would it be possible to make the clients initiate
> the rsync sessions instead of my backup server ?
> 
> Then I could possibly have local root rsync to backup server where it
> doesn't have to have full root access (possibly).

As mentioned, the process running on the backup server needs to have root
permissions, in order to preserve permissions/ownership.

Also, if all of the files you want backed up are world-readable, I'm fairly
sure that the process running on the backup client doesn't need root privs.

> I am just concerned that if somebody hacks my backup server somehow they
> can use that machine to easily access all the other machines that back up
> to it because they will accept ssh root sessions from it.

So don't do that then.  Use SSH public keys that are tied to a particular
command, so that in order to get a root shell/ability to run arbitrary
programs, they need to break through whatever (presumably simple) shell
script you've got as the single command to be run.  Google can give you
examples of the sort of script you're looking for (that's how I learnt about
it).  Google for "SSH key forced command" or similar.

> I.e. it becomes a single point of failure.

No, it's a weak point, not a SPOF.  But it's a fairly strong weak point.

> I would think that pushing the backups would make it harder for the
> above scenario to happen.

At least as easy, if not easier -- instead of one hardened point initiating
connections to other places, you've got lots of (probably less secure)
points making connections to your hardened backup server.

- Matt
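
The forced-command setup described in the message above, as an added example that is not part of the original post: a minimal wrapper for the root key on a backup client that only lets the backup server start a read-only rsync sender. The script path, the `from=` address and the key text are constructed placeholders.

```shell
#!/bin/sh
# Hypothetical wrapper, installed on each backup client (path is an assumption):
#   /usr/local/sbin/backup-only
# Matching line in root's authorized_keys on the client (address and key are
# constructed placeholders):
#   from="192.0.2.10",command="/usr/local/sbin/backup-only",no-pty,
#     no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY>
#   (one line in the real file)
# sshd then runs this script for every login with that key and puts the
# command the caller asked for in SSH_ORIGINAL_COMMAND.

# Return 0 only for "rsync --server --sender ..." requests, i.e. the client
# side of a pull started by the backup server.
is_allowed_backup_command() {
    case $1 in
        # Character whitelist: anything else (; | $ ` quotes, globs,
        # newlines ...) is refused, as is an empty request.
        ''|*[!A-Za-z0-9\ ./_=,-]*) return 1 ;;
        # Must be rsync's server-side sender mode (reads files, never writes).
        'rsync --server --sender '*) ;;
        *) return 1 ;;
    esac
    # After the fixed prefix, refuse every long option except --numeric-ids,
    # so options such as --remove-source-files or --log-file=PATH cannot be
    # smuggled in. Short option clusters (-vlogDtpr...) are passed as-is.
    for word in ${1#rsync --server --sender }; do
        case $word in
            --numeric-ids) ;;
            --*) return 1 ;;
        esac
    done
    return 0
}

# Only act when sshd supplied a request; a login without a command simply
# ends here, so the key never yields a shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_backup_command "$SSH_ORIGINAL_COMMAND"; then
        # Splitting on whitespace is safe: the whitelist above admits no
        # quoting, expansion or glob characters.
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "backup-only: request refused" >&2
    exit 1
fi
```

A compromised backup server holding this key can still read every file rsync can read as root, but it cannot open a shell or run other programs. rsync ships a more complete wrapper of this kind, `rrsync`.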

