Lists wrote:
We've been using rsync since forever to back up all our servers and it's worked without a problem. But in a recent security review, we noted that our specific rsync backup host is using root keys to access the server, meaning that if the keys on the backup server were leaked/compromised in any fashion, that would provide r00t access to the servers being backed up.
Since this doesn't seem to be readily documented, I thought I'd provide it to the community.
After some playing around, we've found it is possible to set up rsync/ssh so that the connecting server can ONLY run rsync with a predetermined set of options.
<snip> Yup. What we do is have keys for a specific program (in house written) that is called via crontab, and the keys for the backup server are *only* on the servers that are backed up by that system, and there's an in-house written script that restricts what that program can do. It does have to run as root, though, on both, to preserve ownership of home and project directories, etc.
mark
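The restriction both posts describe (the backup host's key can trigger only one predetermined rsync invocation, nothing else) is usually enforced with sshd's forced-command mechanism: `command="..."` in authorized_keys plus a wrapper that inspects `SSH_ORIGINAL_COMMAND`. The wrapper below is an added illustration, not code from either poster; the authorized_keys line, the wrapper path, `/srv/data/` and `/usr/bin/rsync` are assumptions.

```shell
#!/bin/sh
# Forced-command wrapper that lets an ssh key run only one predetermined rsync
# server invocation. Assumed deployment (not from the thread): on each backed-up
# server, the backup host's key line in /root/.ssh/authorized_keys reads
#   command="/usr/local/bin/rsync-only.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAA... backup@backuphost
# sshd then runs this script instead of the client's command and exposes the
# requested command in SSH_ORIGINAL_COMMAND.

ALLOWED_PATH='/srv/data/'      # assumed: the only tree the backup host may read
RSYNC_BIN='/usr/bin/rsync'     # assumed install path; fixed so the client cannot choose the binary

# Returns 0 when $1 is exactly "rsync --server --sender <one option cluster> . $ALLOWED_PATH"
# (what a pulling rsync client asks the remote side to run), 1 for anything else.
check_rsync_command() {
    cmd=$1
    # Reject any character outside a conservative allow-list (no quotes, $, ;, |, =, globs).
    printf '%s\n' "$cmd" | grep -Eq '^[A-Za-z0-9._/ -]+$' || return 1
    set -- $cmd                             # safe: no glob or quote characters remain
    [ "$#" -eq 6 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    case $4 in
        --*) return 1 ;;                    # no long options (e.g. --rsync-path)
        -[A-Za-z.]*) ;;                     # one compact option cluster such as -vlogDtprze.iLsfxC
        *) return 1 ;;
    esac
    [ "$5" = . ] || return 1                # rsync's fixed placeholder argument
    [ "$6" = "$ALLOWED_PATH" ] || return 1  # exact path match, not a prefix match
    return 0
}

# Validate what the client asked for and run only that; log and refuse everything else.
run_forced_command() {
    if check_rsync_command "$SSH_ORIGINAL_COMMAND"; then
        set -- $SSH_ORIGINAL_COMMAND
        shift                               # drop the leading "rsync" word
        exec "$RSYNC_BIN" "$@"
    fi
    logger -p auth.warning -t rsync-only "denied command from ${SSH_CLIENT:-?}: $SSH_ORIGINAL_COMMAND"
    printf 'rsync-only: command not permitted\n' >&2
    exit 1
}

# sshd always sets SSH_ORIGINAL_COMMAND under a forced command; it is unset when
# this file is sourced only to exercise check_rsync_command.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    run_forced_command
fi
```

rsync itself ships a fuller version of this idea as `support/rrsync`; the point of the wrapper is that a leaked key now yields one logged, read-only rsync of a fixed tree instead of a root shell, though as mark notes that fixed invocation still runs as root when file ownership must be preserved.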