On Wednesday, August 17, 2011 10:18:25 AM Grant wrote: > >> > You can seperate the backups by giving each system a different > >> > account > >> > where to store the backups. > >> > >> I'm not sure what you mean. The backups are all stored on the backup > >> server. > > > > Each machine to be backed up has a different account on the backup > > server. This will prevent machine A from accessing the backups of > > machine B. > > > > This way, if one machine is compromised, only this machines backups can > > be accessed using the access-keys for the backup. And this machines > > keys can then be revoked without affecting other backups. > > That's a great idea. I will do that. Should that backup account have > any special configuration, or just a standard new user?
I would suspect just a standard new user with default permissions. Eg. only write-access to his/her own files. And I'd prevent that user account from being able to get a shell-account. A ".bashrc" with "exit" as the last or first entry is a nice touch. Especially if you set the permissions such that it works for the user but the user can never change that file. -- Joost