[CentOS] Howto: Extremely tight security rsync shell for backups

Les Mikesell lesmikesell at gmail.com
Mon Sep 23 20:50:36 UTC 2013


On Mon, Sep 23, 2013 at 3:26 PM, Lists <lists at benjamindsmith.com> wrote:
> >
> Depending on how you interpret this statement, my documented process may
> present a (mild) improvement.
>
> It has the backup account on the public server being a non-priviliged
> account only able to run a (tightly controlled) shell script which
> contains the sudo call. In this way, even if the backup account is
> compromised, it can't be used to "take down" the web server, only
> provide access to the data. Technically, the rsync command *is* being
> run as (sudo) root, but nothing else is, and the backup account has no
> ability to change the parameters of the rsync account.

Is there something that convinces you that sudo is better at handling
the command restriction than sshd would be?

-- 
   Les Mikesell
     lesmikesell at gmail.com



More information about the CentOS mailing list