On Thu, May 27, 2010 at 23:00, feffer <rdiff-backup-fo...@backupcentral.com> wrote: > > I'm running rdiff-backup over ssh with an unattended cron script using an ssh > key-pair proceedure described here > (http://arctic.org/~dean/rdiff-backup/unattended.html). My script works fine, > but I'm wondering about security. It is generally considered a bad idea to > allow root login to ssh, but I cannot preserve ownership and permissions if I > disallow root login. > > Is this really a problem since my machines are behind a router on my LAN? The > ssh key-pairs are not password protected, but isn't the only real security > threat losing the private key? > > Is there a way to lock this down a bit more while still enabling unattended > backups? >
Do you really need the permissions on the server to be set correctly, rather than simply when you restore? If not, I thought rdiff-backup could save and restore permissions separately from the files in question, allowing you to record them without needing to be root. Alternatively you could use metastore (http://david.hardeman.nu/software.php) which can save file metadata to a file, allowing you to restore it at a later date. Both of these still require root privileges on the client machine when backing up (unless everything is world-readable) and when restoring in order to reset the permissions, but not on the destination machine. Nye _______________________________________________ rdiff-backup-users mailing list at rdiff-backup-users@nongnu.org http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki