rdiff-backup-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[rdiff-backup-users] Clarification of --restrict-update-only

From: Chris G
Subject: [rdiff-backup-users] Clarification of --restrict-update-only
Date: Wed, 4 Feb 2009 18:39:53 +0000
User-agent: Mutt/1.5.17 (2007-11-01) 
I'm using rdiff-backup to backup files across a LAN.  The destination
machine has a dedicated backup account which has passwordless ssh
login set up for client machines that want to do backups.

To make things a bit more secure I have added the following to my
sshd_config on the destination/backup machine:-

    Match User=bak
    ForceCommand rdiff-backup --server

So far so good.  I can backup as required but it's not possible to
login to the bak account using ssh.  I'd like to lock it down a bit
further by using the --restrict-update-only option so that if an
intruder did gain access to a client machine they wouldn't be able to
remove anything useful from the backups by deleting or overwriting.

However I'm not quite clear how --restrict-update-only works, can I
just do something like:-

    Match User=bak
    ForceCommand rdiff-backup --server --restrict-update-only /

and thus prevent anything other than updates for *all* backups?

-- 
Chris Green
reply via email to
[Prev in Thread] Current Thread [Next in Thread]