Hi,

  I use backup pc to save virtualized guest.  SSH runs on the host and access

/vservers/server1
/vservers/server2
etc...

 I use client $Conf{ClientNameAlias} to separate the acces but the issue is that the restore command could be used to crunch any files on the HOST. Is there any way to restrict the restore to a share ?

$Conf{RsyncClientCmd} = '$sshPath -q -x -l root $host $rsyncPath $argList+';

Full command to run rsync on the client machine. The following variables are substituted at run-time:

       $host           host name being backed up
       $hostIP         host's IP address
       $shareName      share name to backup (ie: top-level directory path)
       $rsyncPath      same as $Conf{RsyncClientPath}
       $sshPath        same as $Conf{SshPath}
       $argList        argument list, built from $Conf{RsyncArgs},
                       $shareName, $Conf{BackupFilesExclude} and                     $Conf{BackupFilesOnly}

i tried :

$Conf{RsyncClientRestoreCmd}  = '$sshPath  -o CompressionLevel=0 -q -x -l aqbackup $host $rsyncPath $Conf{RsyncArgs} /vservers/server2  $Conf{BackupFilesExclude}  $Conf{BackupFilesOnly}';

but it fails of course because it runs:

Running: /usr/bin/ssh -o CompressionLevel=0 -q -x -l backupuser myhost.com /usr/bin/sudo\ /usr/bin/rsync \$Conf\{RsyncArgs\} /vservers/server2 \$Conf\{BackupFilesExclude\} \$Conf\{BackupFilesOnly\}


  Anyone as an ideas to secure this kind of setup or am i doomed to install ssh on every guest ?


ps: $Conf{ClientNameAlias} is said to overwrite the real host name but it is not escaped in the logs = information leak ;)


--
Cordialement,
Ghislain

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Reply via email to