On 11/13/11 13:03, Grant wrote:
>
> Then I could have the backup server pull
> that copy from each system without giving it root access to each
> system. Can I somehow have the correct ownerships for the backup
> saved in a separate file for use during a restore?
>

If you're intent on making a two-stage pull work, you can do it by
creating a 'backups' user on your servers, and then using filesystem
ACLs to grant backups+r to every file/directory you want to back up.
That way, an attacker on the backup server can't decide to peruse the
rest of your stuff.

The easiest method, though, is to just add a third stage. Either move
the backups on the backup server to another directory after the backup
job completes, or sync/burn/whatever them off-site. In this case the
backup server can't access anything you don't give it, and the
individual servers can't trash their backed-up data.
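
The ACL grant described in the reply, together with the ownership file asked about in the quoted question, as an added example that is not part of the original message or written by its author. It assumes the POSIX ACL tools `setfacl`/`getfacl` are installed; `META_DIR` and the tree paths are placeholders, and by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example. 'backups' is the account named in the message; META_DIR and
# the trees passed as arguments are assumed placeholders.
BACKUP_USER="${BACKUP_USER:-backups}"
META_DIR="${META_DIR:-/var/backups/meta}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = execute (as root)

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Parents of the tree get traverse-only (--x): the backup account can reach
# the tree but cannot list the parent directories.
grant_traverse() {
    p=$(dirname "$1")
    while [ "$p" != "/" ] && [ "$p" != "." ]; do
        run setfacl -m "u:$BACKUP_USER:--x" "$p"
        p=$(dirname "$p")
    done
}

grant_backup_read() {
    tree=$1
    grant_traverse "$tree"
    # rX = read; X adds search on directories and execute only on files
    # that are already executable.
    run setfacl -R -m "u:$BACKUP_USER:rX" "$tree"
    # Default ACL on directories so files created later inherit the grant.
    run find "$tree" -type d -exec setfacl -d -m "u:$BACKUP_USER:rX" {} +
}

# Record owner, group, permission bits and ACLs of the tree in a text file
# that travels with the backup; restore as root with: setfacl --restore=FILE
save_metadata() {
    tree=$1
    dest="$META_DIR/$(printf '%s' "$tree" | tr '/' '_').facl"
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "getfacl -R -p $tree > $dest"
    else
        mkdir -p "$META_DIR" && getfacl -R -p "$tree" > "$dest"
    fi
}

for t in "$@"; do
    grant_backup_read "$t"
    save_metadata "$t"
done
```

Run it with `DRY_RUN=0` as root once the printed commands look right. `META_DIR` has to be one of the trees the backups user can read, so that the metadata file is pulled along with the data.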