1 |
On Sun, 30 Jun 2013 14:36:14 -0700, Grant wrote: |
2 |
|
3 |
> >> Isn't that a gaping security hole? I think this amounts to granting |
4 |
> >> the backup server root read access (and write access if you want to |
5 |
> >> restore) on each client? |
6 |
> > |
7 |
> > How can you backup system files without root read access? You are |
8 |
> > granting this to s specific user, one without a login shell, on the |
9 |
> > server. |
10 |
> |
11 |
> If the backup server is infiltrated, the infiltrator would have root |
12 |
> read access to each of the clients, correct? If the clients push to |
13 |
> the backup server instead, their access on the server can be |
14 |
> restricted to the backup directory. |
15 |
|
16 |
Yes, but with push you have to secure each machine whereas with pull |
17 |
backups it's only the server to secure. And you'd still need to grant |
18 |
access to the server from the clients, which could be escalated. With |
19 |
backuppc, the server does not need to be accessible from the Internet at |
20 |
all, all requests are outgoing. If the server machine serves other |
21 |
purposes and needs to be net-accessible, run the backup server in a |
22 |
chroot or VM. |
23 |
|
24 |
|
25 |
-- |
26 |
Neil Bothwick |
27 |
|
28 |
Religious error: (A)tone, (R)epent, (I)mmolate? |