1 |
On Wednesday, August 17, 2011 10:18:25 AM Grant wrote: |
2 |
> >> > You can seperate the backups by giving each system a different |
3 |
> >> > account |
4 |
> >> > where to store the backups. |
5 |
> >> |
6 |
> >> I'm not sure what you mean. The backups are all stored on the backup |
7 |
> >> server. |
8 |
> > |
9 |
> > Each machine to be backed up has a different account on the backup |
10 |
> > server. This will prevent machine A from accessing the backups of |
11 |
> > machine B. |
12 |
> > |
13 |
> > This way, if one machine is compromised, only this machines backups can |
14 |
> > be accessed using the access-keys for the backup. And this machines |
15 |
> > keys can then be revoked without affecting other backups. |
16 |
> |
17 |
> That's a great idea. I will do that. Should that backup account have |
18 |
> any special configuration, or just a standard new user? |
19 |
|
20 |
I would suspect just a standard new user with default permissions. |
21 |
Eg. only write-access to his/her own files. |
22 |
|
23 |
And I'd prevent that user account from being able to get a shell-account. |
24 |
|
25 |
A ".bashrc" with "exit" as the last or first entry is a nice touch. Especially |
26 |
if you set the permissions such that it works for the user but the user can |
27 |
never change that file. |
28 |
|
29 |
-- |
30 |
Joost |