ADNET Ghislain wrote:
> I modified the rsync code to limit restore to a share:
> 
> against (# Version 3.0.0, released 28 Jan 2007)
> 
> (root)> diff /usr/local/BackupPC/lib/BackupPC/Xfer/Rsync.pm
> /usr/local/BackupPC/lib/BackupPC/Xfer/Rsync.pm.orig
> 134,149d133
> <       ## AQUEOS debut
> <
> <       if( defined $conf->{rsyncRestoreLimitToShare} ){
> <               my $aqflag = 0;
> <               my $aqshare;
> <               foreach $aqshare ( $conf->{rsyncRestoreLimitToShare} ){
> <                       $aqflag = 1 if  $remoteDir  =~ /^$aqshare/;
> <               }
> <               if( $aqflag == 0 ){
> <                       my $str = "Erreur vous devez restorer dans 
> ".join(' ou ',$conf->{rsyncRestoreLimitToShare})." uniquement et  non
> pas $remoteDir\n";
> <                       $t->{XferLOG}->write(\$str);
> <                       $t->{hostError} = "none";
> <                       return;
> <               }
> <       }
> <       ## AQUEOS fin
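
Review bot: The loop header foreach $aqshare ( $conf->{rsyncRestoreLimitToShare} ) iterates over the array reference itself, not its elements. With the documented setting ['/var','/home'], $aqshare is the stringified reference, so the /^$aqshare/ test never compares $remoteDir against a share; the join in the error string has the same problem. Dereference with @{ $conf->{rsyncRestoreLimitToShare} } in both places. Once that is fixed, /^$aqshare/ still interpolates the share as a regex anchored only at the start, so /var would also accept /variant and /var/../etc. Match \Q$aqshare\E followed by / or end of string, and refuse a $remoteDir that contains a .. component.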
> 
> 
> You have to define in your host file this parameter:
> 
> $Conf{rsyncRestoreLimitToShare} = ['/var','/home'];
> 
> This way you should not be able to restore any files outside of those
> directories.
> 
> I am a bad coder so perhaps some here could help make this better and
> do the same for the other backup methods like tar etc...
> 
> legal boilerplate: any ownership of this wonderful piece of code is given
> to Craig, so if by any chance he takes it into BackupPC he has the rights
> to it ;)
> 
> 

If you are worried about security issues with remote root write access,
a better approach is to restrict write access at the client computer,
but that means different implementations depending on the Xfer method.
But, it is good to have it on the server end as well.

I am using rsync over ssh, with an ssh key that restricts access using
the command= feature of the authorized_keys file. The proxy command can
analyze the command requested by ssh, and assert any restrictions you want.

Joe Krahn
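
What the proxy command described in the reply above could look like, as an added example that is not part of the original messages or of BackupPC: a wrapper installed through command= that inspects SSH_ORIGINAL_COMMAND and only lets a restore write under listed shares. The script path, the rsync binary path and the share list are assumptions.

```shell
#!/bin/sh
# Added example: forced-command gate for the BackupPC ssh key.
# Assumed authorized_keys entry (script path is hypothetical):
#   command="/usr/local/bin/backuppc-gate" ssh-rsa AAAA... backuppc
LC_ALL=C; export LC_ALL
ALLOWED_SHARES="/var /home"   # assumed; mirrors the list in the quoted post

# check_request CMD: return 0 if CMD may run, 1 otherwise.
check_request() {
    cmd=$1
    # Character whitelist: refuses ; | & $, quotes, backticks, backslashes
    # and newlines. Paths containing spaces are refused too (conservative).
    case $cmd in
        *[!A-Za-z0-9\ ./_=,:@+-]*) return 1 ;;
    esac
    # Only rsync in server mode; the binary path is an assumption.
    case $cmd in
        "rsync --server "*|"/usr/bin/rsync --server "*) ;;
        *) return 1 ;;
    esac
    case " $cmd " in
        *" --remove-"*) return 1 ;;   # sender-side deletion options
        *" --sender "*) return 0 ;;   # backup: client is read, no write check
    esac
    # Otherwise this is a restore; the last word is the destination.
    dest=${cmd##* }
    case $dest in
        *..*) return 1 ;;             # no climbing out of a share
    esac
    for share in $ALLOWED_SHARES; do
        case $dest in
            "$share"|"$share"/*) return 0 ;;   # whole path component only
        esac
    done
    return 1
}

# Act as the gate only when sshd supplied the client's request.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_request "$SSH_ORIGINAL_COMMAND"; then
        set -f                        # no glob expansion when splitting
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "backuppc-gate: refused: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```
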

_______________________________________________
BackupPC-users mailing list
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
