[CentOS] Howto: Extremely tight security rsync shell for backups

Mon Sep 23 20:02:32 UTC 2013
m.roth at 5-cent.us <m.roth at 5-cent.us>

Lists wrote:
> We've been using rsync since forever to back up all our servers and it's
> worked without a problem. But in a recent security review, we noted that
> our specific rsync backup host is using root keys to access the server,
> meaning that if the keys on the backup server were leaked/compromised in
> any fashion, that would provide r00t access to the servers being backed
> up.
>
> Since this doesn't seem to be readily documented, I thought I'd provide
> it to the community.
>
> After some playing around, we've found it is possible to set up
> rsync/ssh so that the connecting server can ONLY run rsync with a
> predetermined set of options.
<snip>
Yup. What we do is have keys for a specific program (in-house written)
that is called via crontab, and the keys for the backup server are *only*
on the servers that are backed up by that system, and there's an in-house
written script that restricts what that program can do. It does have to
run as root, though, on both, to preserve ownership of home and project
directories, etc.

        mark
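
One way to implement the restriction discussed in this thread, added here as an example (it is neither the original poster's configuration nor the in-house script mentioned above): a forced-command gate that compares `SSH_ORIGINAL_COMMAND` against an exact allow-list. The script path `/usr/local/sbin/rsync-gate`, the source address, the key and the allowed rsync command lines are constructed placeholders.

```shell
#!/bin/sh
# Forced-command gate for a backup-only SSH key (added example).
# Assumed authorized_keys line on each backed-up server; path, address and
# key are placeholders:
#   command="/usr/local/sbin/rsync-gate",from="192.0.2.10",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...PLACEHOLDER backup

# Exact command lines the backup host may run, one per line (constructed
# samples). The option string differs between rsync versions: log
# SSH_ORIGINAL_COMMAND once from a real backup run and paste it here.
ALLOWED_CMDS='rsync --server --sender -logDtpre.iLsfxC --numeric-ids . /home/
rsync --server --sender -logDtpre.iLsfxC --numeric-ids . /srv/projects/'

# is_allowed CMD: succeed only if CMD equals one allow-list entry byte for byte.
is_allowed() {
    while IFS= read -r entry; do
        [ -n "$entry" ] && [ "$1" = "$entry" ] && return 0
    done <<EOF
$ALLOWED_CMDS
EOF
    return 1
}

# gate: run the requested command if allowed, otherwise log and refuse.
gate() {
    if is_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
        set -f                        # no globbing during word splitting
        exec $SSH_ORIGINAL_COMMAND    # exec directly; no shell parses the string
    fi
    logger -t rsync-gate "rejected: ${SSH_ORIGINAL_COMMAND:-}" 2>/dev/null || true
    echo "rsync-gate: command not permitted" >&2
    return 1
}

# sshd sets SSH_ORIGINAL_COMMAND when the client asks for a command; a login
# without one falls through and the session just ends.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    gate
    exit $?
fi
```

The key still runs as root on the backed-up server to preserve ownership, as noted above; the gate only limits what that key can request.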