2008/11/6 Quentin Hartman <[EMAIL PROTECTED]>:
> I know Keith doesn't like them, but I prefer to have my backups run via push,
> rather than pull. I prefer this because I can have the backup job run as a
> privileged user (necessary to read all the files) locally but then connect to
> the backup server as a normal user. This means I don't have the potential
> exposure of allowing remote root-level logins on my servers, or having
> passwordless keys for root running around. I think this is a good thing. It
> makes key management a bit more secure and sane (imho).
>
> Is there a recognized way to do this with Dirvish? I found a patch that was
> submitted to the list in 2006 that enabled this functionality, but I never
> saw if it got added officially, nor have I found any documentation that
> refers to it. I plan to dig into this some more tomorrow and do some testing
> and experimentation, but was hoping that a quick note to this list might be
> able to save me some time.
>
I run dirvish avoiding root login like this: the vault is in a chroot jail on the backup server owned by user backup; user backup runs the dirvish cron job and requests the backup from the remote server; the remote server does not allow root login but allows user backup to ssh in. On the remote server, the line command="/home/backup/dirvish" is prepended to the user backup .ssh authorized keys file, where the dirvish file is a file allowing the backup to run only the original rsync command on the remote server. User backup on the remote server can easily access the dirvish backup vault on the backup server by tunneling in, and being dropped into the chroot jail. It works quite well, and avoids allowing root login on either part.

Jenny

_______________________________________________
Dirvish mailing list
[email protected]
http://www.dirvish.org/mailman/listinfo/dirvish
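One way such a forced-command file could look, as an added example that is not part of the original post and is not Jenny's actual /home/backup/dirvish file. The function name, the allowed character set and the rule that only rsync's server/sender mode is accepted are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper for the forced command named in the thread.
# On the remote server, user backup's authorized_keys entry would start with:
#   command="/home/backup/dirvish" <key type> <public key> <comment>
# Assumption: the backup server pulls, so the only legitimate request is
# rsync in server/sender mode. The real file's contents are not in the thread.
LC_ALL=C; export LC_ALL   # keep the A-Z/a-z/0-9 ranges byte-exact

is_allowed_command() {
    cmd=$1
    # Allow-list the character set: anything outside it (quotes, ;, |, $, `,
    # newlines, glob characters) is refused before the command is examined.
    case $cmd in
        *[!A-Za-z0-9\ ._/=,+-]*) return 1 ;;
    esac
    # Sender mode can still delete what it sends if these options are given.
    case $cmd in
        *--remove-source-files*|*--remove-sent-files*) return 1 ;;
    esac
    # Only rsync's server side in --sender mode: it sends files to the
    # backup server instead of receiving them onto this host.
    case $cmd in
        "rsync --server --sender "*) return 0 ;;
    esac
    return 1
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND.
# With no command (an interactive login attempt) nothing below runs and
# the session ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_command "$SSH_ORIGINAL_COMMAND"; then
        set -f                       # no filename globbing on the split words
        exec $SSH_ORIGINAL_COMMAND   # unquoted on purpose: split into argv
    fi
    echo "dirvish wrapper: command refused" >&2
    exit 1
fi
```

The wrapper does not restrict which paths rsync may read; pinning the exact command string that the dirvish job sends would be stricter.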
