Hi there, On Sat, 5 Nov 2022, Adam Goryachev wrote:
I don't understand why you would NOT want backuppc to have at least read access to ALL data, including data only accessible to root.
Because I wouldn't want BackupPC to be a vector for compromise. The whole point of giving read access only to root is so that *only* root has access. :) It's a security posture.
I assume you would not be suggesting that you run a separate backup system for each user
Correct.
so why would you want to either: 1) Not backup root data
??!!
2) Run a separate backup solution just for root data I guess this will go back to how you setup your data security etc,
Exactly. The BackupPC system is rather complex. As commonly used it involves, for example, a Web server and a browser. These things are notoriously insecure. Browsers are amongst the most complex bits of software on the planet and amongst the most frequently compromised. You could even have pathological cases like a well-secured Linux box running BackupPC accessed by Internet Explorer running under XP... Rather than let a random browser have access to things which properly only root should be able to access, if I were being cautious I'd back up the private things separately. It might be as simple as creating a cron job or something like that to zip (with a passphrase known only to me) the root-only files to an archive, and then copy that archive to a place accessible to the backup run by BackupPC. Clearly there's a bit of work to be done there, keeping things current.
but regardless of what you do, I would strongly suggest you ensure ALL data is backed up...
Well at least all important data, agreed, obviously. :) -- 73, Ged. _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
