| 1 |
On Sun, 30 Jun 2013 14:36:14 -0700, Grant wrote: |
| 2 |
|
| 3 |
> >> Isn't that a gaping security hole? I think this amounts to granting |
| 4 |
> >> the backup server root read access (and write access if you want to |
| 5 |
> >> restore) on each client? |
| 6 |
> > |
| 7 |
> > How can you backup system files without root read access? You are |
| 8 |
> > granting this to s specific user, one without a login shell, on the |
| 9 |
> > server. |
| 10 |
> |
| 11 |
> If the backup server is infiltrated, the infiltrator would have root |
| 12 |
> read access to each of the clients, correct? If the clients push to |
| 13 |
> the backup server instead, their access on the server can be |
| 14 |
> restricted to the backup directory. |
| 15 |
|
| 16 |
Yes, but with push you have to secure each machine whereas with pull |
| 17 |
backups it's only the server to secure. And you'd still need to grant |
| 18 |
access to the server from the clients, which could be escalated. With |
| 19 |
backuppc, the server does not need to be accessible from the Internet at |
| 20 |
all, all requests are outgoing. If the server machine serves other |
| 21 |
purposes and needs to be net-accessible, run the backup server in a |
| 22 |
chroot or VM. |
| 23 |
|
| 24 |
|
| 25 |
-- |
| 26 |
Neil Bothwick |
| 27 |
|
| 28 |
Religious error: (A)tone, (R)epent, (I)mmolate? |
Archives