[CentOS] Howto: Extremely tight security rsync shell for backups
Lists
lists at benjamindsmith.comMon Sep 23 20:26:35 UTC 2013
- Previous message: [CentOS] Howto: Extremely tight security rsync shell for backups
- Next message: [CentOS] Howto: Extremely tight security rsync shell for backups
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 09/23/2013 01:02 PM, m.roth at 5-cent.us wrote: > It does have to > run as root, though, on both, to preserve ownership of home and project > directories, etc. Depending on how you interpret this statement, my documented process may present a (mild) improvement. It has the backup account on the public server being a non-priviliged account only able to run a (tightly controlled) shell script which contains the sudo call. In this way, even if the backup account is compromised, it can't be used to "take down" the web server, only provide access to the data. Technically, the rsync command *is* being run as (sudo) root, but nothing else is, and the backup account has no ability to change the parameters of the rsync account.
- Previous message: [CentOS] Howto: Extremely tight security rsync shell for backups
- Next message: [CentOS] Howto: Extremely tight security rsync shell for backups
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list