[CentOS] Howto: Extremely tight security rsync shell for backups
Lists
lists at benjamindsmith.com
Mon Sep 23 21:40:48 UTC 2013
On 09/23/2013 01:50 PM, Les Mikesell wrote:
> Is there something that convinces you that sudo is better at handling
> the command restriction than sshd would be?

In the context of a production server, the idea is to remove any ability
from another host (e.g. backup server) to run local arbitrary code or
change local files. (read-only)

There is one (small) benefit to not using SSHD options: Even if the
account is somehow accessed locally (e.g. via password prompt), it still
cannot be used for anything but a read-only rsync command. And by using
a (read only) script to replace the normal shell and sudo, I'm able to
not only limit the command being run (in this case rsync) but also limit
all options passed to it.

You can disable the password on the backup account to achieve a similar
effect using an SSHD option. If there's a better/simpler way to do this
via SSHD option I'd love to hear about it!

Thanks,
-Ben
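
The kind of restricted login shell described in the message above, as an added example that is not the poster's script: it accepts only the server-side command a pulling rsync client sends and refuses everything else. `ALLOWED_ROOT`, `ALLOWED_FLAGS` and `RSYNC_BIN` are assumed values, and the sudo step mentioned in the thread is not shown.

```shell
#!/bin/sh
# Added example: login shell for a pull-only rsync backup account.
# ALLOWED_ROOT, ALLOWED_FLAGS and RSYNC_BIN are assumptions for illustration.
ALLOWED_ROOT="/srv/data"           # hypothetical tree the backup host may read
ALLOWED_FLAGS="-logDtpre.iLsfxC"   # constructed sample; use what your client sends
RSYNC_BIN="/usr/bin/rsync"         # assumed install path

# Return 0 only for: rsync --server --sender <ALLOWED_FLAGS> . <path under root>
check_rsync_cmd() {
    set -f              # split on whitespace only, never expand globs
    set -- $1
    set +f
    [ "$#" -eq 6 ] || return 1
    for word in "$@"; do
        # Anything outside this character set (quotes, ;, $, backticks) is refused.
        case $word in *[!A-Za-z0-9./_-]*) return 1 ;; esac
    done
    [ "$1" = "rsync" ] || return 1
    [ "$2" = "--server" ] || return 1
    # --sender means this host only sends data; without it rsync would write here.
    [ "$3" = "--sender" ] || return 1
    # Exact match on the option bundle, so no extra option can be added.
    [ "$4" = "$ALLOWED_FLAGS" ] || return 1
    [ "$5" = "." ] || return 1
    case $6 in *..*) return 1 ;; esac      # no parent-directory traversal
    case $6 in
        "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) return 0 ;;
    esac
    return 1
}

# sshd (or su) starts a login shell as: <shell> -c "<command>"
if [ "${1:-}" = "-c" ]; then
    if check_rsync_cmd "${2:-}"; then
        set -f
        set -- $2
        shift           # drop the client-supplied "rsync", use the fixed binary
        exec "$RSYNC_BIN" "$@"
    fi
    echo "backup shell: command refused" >&2
    exit 1
fi
```

With no `-c` argument (an interactive login) the script simply ends, so the session closes without a prompt. Keep the file owned by root and not writable by the backup account.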