[Dirvish] Push Backups?
hopkins.jenny at gmail.com
Thu Nov 6 09:41:17 UTC 2008
2008/11/6 Quentin Hartman <qhartman at concentricsky.com>:
> I know Keith doesn't like them, but I prefer to have my backups run via push, rather than pull. I prefer this because I can have the backup job run as a privileged user (necessary to read all the files) locally but then connect to the backup server as a normal user. This means I don't have the potential exposure of allowing remote root-level logins on my servers, or having passwordless keys for root running around. I think this is a good thing. It makes key management a bit more secure and sane (imho).
> Is there a recognized way to do this with Dirvish? I found a patch that was submitted to the list in 2006 that enabled this functionality, but I never saw if it got added officially, nor have I found any documentation that refers to it. I plan to dig into this some more tomorrow and do some testing and experimentation, but was hoping that a quick note to this list might be able to save me some time.
I run dirvish avoiding root log in like this: vault is in a chroot
jail on backup server owned by user backup, user backup runs the
dirvish cron job and requests the backup from the remote server,
remote server does not allow root login but allows user backup to ssh
in. On remote server, the line command="/home/backup/dirvish" is
prepended to the user backup .ssh authorized keys file, where the
dirvish file is a file allowing the backup to run only the original
rsync command on the remote server.
User backup on the remote server can easily access the dirvish backup
vault on the backup server by tunneling in, and being dropped into the
It works quite well, and avoids allowing root log in on either part.
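
One way the restricting file described above could look, as an added example that is not part of the original post or of Dirvish: a wrapper that accepts rsync's sender-side server command and refuses everything else. The authorized_keys options and the accepted command prefix are assumptions; this is looser than pinning the one exact command, and it does not restrict which paths may be read.

```shell
#!/bin/sh
# Constructed example of a forced-command wrapper such as /home/backup/dirvish.
# Assumed authorized_keys entry on the remote server (key elided):
#   command="/home/backup/dirvish",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA... backup@backupserver
LC_ALL=C; export LC_ALL

# is_allowed_rsync CMD: succeed only if CMD is an rsync server invocation in
# sender mode (the remote side only reads files and sends them).
is_allowed_rsync() {
    cmd=$1
    case $cmd in
        # Character whitelist: anything else (; | & $ ` quotes, newlines,
        # globs ...) is refused, so the string cannot smuggle shell syntax.
        *[!A-Za-z0-9\ ./_=,:@+-]*) return 1 ;;
    esac
    case $cmd in
        # --remove-source-files / --remove-sent-files delete files on the sender.
        *" --remove-"*) return 1 ;;
    esac
    case $cmd in
        "rsync --server --sender "*) return 0 ;;
    esac
    return 1
}

# sshd sets SSH_ORIGINAL_COMMAND to what the client asked to run. When it is
# unset (interactive login attempt) nothing runs and the session ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_rsync "$SSH_ORIGINAL_COMMAND"; then
        set -f                      # no pathname expansion while word-splitting
        exec $SSH_ORIGINAL_COMMAND  # no eval: words are passed to rsync as-is
    fi
    echo "dirvish wrapper: command rejected" >&2
    exit 1
fi
```

Because the command is word-split rather than evaluated, source paths containing spaces are not supported by this sketch.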