Hi, I can understand the question. If BackupPC will use root permission, your BackupPC will become No. 1 target. Because when the attacker controls your BackupPC, she can access every box within your network as root. Nothing you really want. And in business, you will have multiple sys-admins.. but as the VPN/Firewall admin you want your servers to be backed up, but you shouldn't trust your colleague which is running the backup server too much. Because it is your ass which will get kicked when someone compromises the systems under your responsibility.
Two ways we are using: 1) If you really know what folder you want to be backed up, create a user "backup" and add an ACL which allows the user "backup" to read these folders. 2) If you don't know what folders you want to be backed up or you want to backup everything, also create a user "backup" and lock it down. Now, create a copy of rsync. Make sure, only the user "backup" can execute this file. Set the CAP_DAC_READ_SEARCH capability for the private rsync copy. Now, the user "backup" can access all your data like root can, but if anybody will get access to that user on that box, he/she is very limited. -- Regards. Igor ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ BackupPC-users mailing list [email protected] List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
