Adam Goryachev wrote at about 11:34:39 +1100 on Friday, December 4, 2009:
> Jeffrey J. Kosowsky wrote:
> > Very helpful. A few small nits...
> > Carl Wilhelm Soderstrom wrote at about 16:58:08 -0600 on Thursday,
> > December 3, 2009:
> > > chown -R rsyncbackup:users ~rsyncbackup/.ssh
> > > chmod 700 ~rsyncbackup/.ssh
> >
> > I would do '600'. No need to make it executable.
>
> A directory needs to be executable or you can't cd into it.... readable
> to get a directory listing, and writeable to create new files/directories.
>
> Note: permissions of 100 will allow you to cd into the directory, and
> modify files in the directory (if you know the filename, and have write
> permission on the file).

My bad - I was sloppy and didn't realize it was a directory.

> > For a slight bit of incremental security, I do:
> > ALL=NOPASSWD: /usr/bin/rsync --server --sender *
> >
> > which I believe restricts to read only (but it's not well
> > documented). Assuming that's true, then a hacker could not get write
> > access to your system (and of course write access is equivalent to
> > full ownership).
>
> Which also restricts you from doing a restore...

True -- but assuming that restores are relatively rare, then the added security can be beneficial. And when you need to restore, just change your sudo to allow writing and/or use another way to restore...

In fact, when I restore just a couple of files, I tend to just browse the backuppc fuse file system (using backuppc-fuse). I can't say enough good things about how good it is to have all my backups easily browseable, searchable, etc. with the ability to apply the full range and breadth of *nix utilities.
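
The directory modes discussed in this thread (700, 600 and 100) can be compared directly. The script below is an added example, not part of the original messages; the function name `probe_dir_mode` and the scratch directory from `mktemp` are assumptions made for the illustration, and it should be run as a non-root user because root bypasses these checks.

```shell
#!/bin/sh
# Added example: probe what each directory mode from the thread allows.
# probe_dir_mode is a hypothetical helper; it works in a scratch directory.
# Run as a non-root user: root bypasses directory permission checks.
probe_dir_mode() {
    mode=$1
    d=$(mktemp -d) || return 1
    echo data > "$d/known"      # a file whose name we already know
    chmod 600 "$d/known"        # owner has write permission on the file
    chmod "$mode" "$d"

    # Execute (search) bit on the directory: needed to cd into it.
    if (cd "$d") 2>/dev/null; then cd_ok=yes; else cd_ok=no; fi

    # Read bit: needed to enumerate names. The glob only reads the
    # directory; it stays a literal pattern when reading is denied.
    set -- "$d"/*
    if [ "$1" != "$d/*" ]; then list_ok=yes; else list_ok=no; fi

    # Write and execute bits together: needed to create a new entry.
    if (: > "$d/new") 2>/dev/null; then create_ok=yes; else create_ok=no; fi

    # Execute bit plus write permission on the file: modify a known name.
    if (echo more >> "$d/known") 2>/dev/null; then
        modify_ok=yes
    else
        modify_ok=no
    fi

    chmod 700 "$d" && rm -rf "$d"   # restore access so cleanup works
    echo "cd=$cd_ok list=$list_ok create=$create_ok modify=$modify_ok"
}

for m in 700 600 100; do
    printf '%s: %s\n' "$m" "$(probe_dir_mode "$m")"
done
```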
