Hi, I use backup pc to save virtualized guest. SSH runs on the host and access /vservers/server1 /vservers/server2 etc... I use client $Conf{ClientNameAlias} to separate the acces but the issue is that the restore command could be used to crunch any files on the HOST. Is there any way to restrict the restore to a share ?
$Conf{RsyncClientRestoreCmd} = '$sshPath -o CompressionLevel=0 -q -x -l aqbackup $host $rsyncPath $Conf{RsyncArgs} /vservers/server2 $Conf{BackupFilesExclude} $Conf{BackupFilesOnly}'; but it fails of course because it runs: Running: /usr/bin/ssh -o CompressionLevel=0 -q -x -l backupuser myhost.com /usr/bin/sudo\ /usr/bin/rsync \$Conf\{RsyncArgs\} /vservers/server2 \$Conf\{BackupFilesExclude\} \$Conf\{BackupFilesOnly\} Anyone as an ideas to secure this kind of setup or am i doomed to install ssh on every guest ? ps: $Conf{ClientNameAlias} is said to overwrite the real host name but it is not escaped in the logs = information leak ;) --
Cordialement, Ghislain |
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/