rdiff-backup-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [rdiff-backup-users] Clarification of --restrict-update-only

From: Chris G
Subject: Re: [rdiff-backup-users] Clarification of --restrict-update-only
Date: Thu, 5 Feb 2009 11:40:09 +0000
User-agent: Mutt/1.5.17 (2007-11-01) 
On Thu, Feb 05, 2009 at 11:28:09AM +0000, Dominic wrote:
> Chris G wrote:
>> Anyway, back to the original point of my question, if I put:-
>>
>>     Match User=bak
>>     ForceCommand rdiff-backup --server --restrict-update-only /
>>
>> at the end of my sshd configuration on the backup server will it prevent
>> rdiff-backup doing anything but updates on any/every part of the
>> backup hierarchy?
> From my reading of man page I think you are correct, but I suggest you 
> accept the position of 'restrict-update-only Tester In Chief' and let us 
> know how you get on! I would be interested to know if it causes any 
> problems when comparing or recovering files (but I don't think it should). 
> Can you use it when creating a new repository?
>
OK, I'll add the extra parameter and see how it all goes.  I can
easily enough try adding another client after having added the
parameter. 

> I take it you are not concerned about what a local root user might do on 
> the backup machine? How secure is your garage?!
>
The garage's "security" is that it's quite a way from the house and
thus even a serious fire in the house shouldn't affect the garage. 
That's the primary reason for putting a backup in the garage.

The rdiff-backup questions relate more to an electronic intruder
getting access to the garage system from the client systems in the
house. It's very unlikely that an electronic intruder would get into
the garage system, it has no 'outside facing' ports at all, the only
way to get to it is via my desktop machine - hence all these questions
here to try and minimise that risk.  If someone breaks into the garage
physically they could, obviously, get into the machine but they'd need
passwords from there to get into the other machines on the LAN.

The garage is fairly secure, as secure as the house probably.  A
burglar who steals computers from the house probably won't even think
to look for computers in the garage.

I also back up the most important stuff (i.e. the company accounts)
off site at my hosting company login account.  That's not particularly
secure against electronic intruders but *is* secure against burglars
in our house.  I.e. the idea is that I should be safe against any one
type of intrusion.

-- 
Chris Green
reply via email to
[Prev in Thread] Current Thread [Next in Thread]