Gentoo Archives: gentoo-user

From: Neil Bothwick <neil@××××××××××.uk>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] {OT} backups... still backups....
Date: Mon, 01 Jul 2013 00:29:33
In Reply to: Re: [gentoo-user] {OT} backups... still backups.... by Grant
1 On Sun, 30 Jun 2013 14:36:14 -0700, Grant wrote:
3 > >> Isn't that a gaping security hole? I think this amounts to granting
4 > >> the backup server root read access (and write access if you want to
5 > >> restore) on each client?
6 > >
7 > > How can you backup system files without root read access? You are
8 > > granting this to s specific user, one without a login shell, on the
9 > > server.
10 >
11 > If the backup server is infiltrated, the infiltrator would have root
12 > read access to each of the clients, correct? If the clients push to
13 > the backup server instead, their access on the server can be
14 > restricted to the backup directory.
16 Yes, but with push you have to secure each machine whereas with pull
17 backups it's only the server to secure. And you'd still need to grant
18 access to the server from the clients, which could be escalated. With
19 backuppc, the server does not need to be accessible from the Internet at
20 all, all requests are outgoing. If the server machine serves other
21 purposes and needs to be net-accessible, run the backup server in a
22 chroot or VM.
25 --
26 Neil Bothwick
28 Religious error: (A)tone, (R)epent, (I)mmolate?


File name MIME type
signature.asc application/pgp-signature


Subject Author
Re: [gentoo-user] {OT} backups... still backups.... Grant <emailgrant@×××××.com>