[CentOS] Howto: Extremely tight security rsync shell for backups
Les Mikesell
lesmikesell at gmail.comMon Sep 23 20:50:36 UTC 2013
- Previous message: [CentOS] Howto: Extremely tight security rsync shell for backups
- Next message: [CentOS] Howto: Extremely tight security rsync shell for backups
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Sep 23, 2013 at 3:26 PM, Lists <lists at benjamindsmith.com> wrote: > > > Depending on how you interpret this statement, my documented process may > present a (mild) improvement. > > It has the backup account on the public server being a non-priviliged > account only able to run a (tightly controlled) shell script which > contains the sudo call. In this way, even if the backup account is > compromised, it can't be used to "take down" the web server, only > provide access to the data. Technically, the rsync command *is* being > run as (sudo) root, but nothing else is, and the backup account has no > ability to change the parameters of the rsync account. Is there something that convinces you that sudo is better at handling the command restriction than sshd would be? -- Les Mikesell lesmikesell at gmail.com
- Previous message: [CentOS] Howto: Extremely tight security rsync shell for backups
- Next message: [CentOS] Howto: Extremely tight security rsync shell for backups
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list