Les Mikesell wrote: > Joe Krahn wrote: > >> >> BUT, I also see that you are using "ssh -l root". The point of using >> sudo is that you don't need remote-root access. The default >> configuration needs to be better designed to get this right, with proper >> security considerations. > > When you need this remote access to have read/write permission on all of > your target files, how much more secure do you think you can make it? > Right! So sudo really is not useful with the BackupPC design. Ideally, automatic restores should be executed under the user that requested them, and restoration if privileged files should require that the local restore command be invoked or authenticated locally by root. If you disallow remote root write access, then some access restrictions can actually be enforced.
Some security can be added with ssh; see http://www.linux.com/feature/113847 Joe Krahn ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
