From: Adam G. <mai...@we...> - 2009-12-04 00:35:57

Jeffrey J. Kosowsky wrote:
> Very helpful. A few small nits...
> Carl Wilhelm Soderstrom wrote at about 16:58:08 -0600 on Thursday, December 3, 2009:
> > chown -R rsyncbackup:users ~rsyncbackup/.ssh
> > chmod 700 ~rsyncbackup/.ssh
>
> I would do '600'. No need to make it executable.

A directory needs to be executable or you can't cd into it.... readable to get a directory listing, and writeable to create new files/directories.

Note: permissions of 100 will allow you to cd into the directory, and modify files in the directory (if you know the filename, and have write permission on the file).

> For a slight bit of incremental security, I do:
> ALL=NOPASSWD: /usr/bin/rsync --server --sender *
>
> which I believe restricts to read only (but it's not well
> documented). Assuming that's true, then a hacker could not get write
> access to your system (and of course write access is equivalent to
> full ownership).

Which also restricts you from doing a restore...

Hope that helps.

Regards,
Adam
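
The following is an added example, not part of the original thread: a small audit of an .ssh-style directory that reports which owner permission bits are missing and whether group or other have any access, following the r/w/x directory semantics described in the message above. The function name audit_ssh_dir and the finding codes are hypothetical names chosen for this sketch.

```python
import os
import stat
import sys

def audit_ssh_dir(path):
    """Return (code, message) findings for an .ssh-style directory (hypothetical helper)."""
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        return [("not-dir", f"{path} is not a directory")]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    # On a directory: r = list names, w = create/delete entries,
    # x = search (cd into it and open files inside by name).
    if not mode & stat.S_IXUSR:
        findings.append(("no-search", f"{oct(mode)}: owner cannot cd in or open files by name"))
    if not mode & stat.S_IRUSR:
        findings.append(("no-list", f"{oct(mode)}: owner cannot list the directory"))
    if not mode & stat.S_IWUSR:
        findings.append(("no-create", f"{oct(mode)}: owner cannot create or delete entries"))
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(("others-access", f"{oct(mode)}: group/other have access"))
    try:
        names = sorted(os.listdir(path))
    except PermissionError:
        return findings  # no read bit: names cannot be listed
    for name in names:
        full = os.path.join(path, name)
        try:
            fmode = stat.S_IMODE(os.lstat(full).st_mode)
        except PermissionError:
            break  # no search bit: entries cannot be stat'ed
        if fmode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(("file-others-access", f"{name} is {oct(fmode)}"))
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/.ssh")
    if os.path.lexists(target):
        for code, msg in audit_ssh_dir(target):
            print(code, msg)
```
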