-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeffrey J. Kosowsky wrote: > Very helpful. A few small nits... > Carl Wilhelm Soderstrom wrote at about 16:58:08 -0600 on Thursday, December > 3, 2009: > > chown -R rsyncbackup:users ~rsyncbackup/.ssh > > chmod 700 ~rsyncbackup/.ssh > > I would do '600'. No need to make it executable.
A directory needs to be executable or you can't cd into it.... readable to get a directory listing, and writeable to create new files/directories. Note: permissions of 100 will allow you to cd into the directory, and modify files in the directory (if you know the filename, and have write permission on the file). > For a slight bit of incremental security, I do: > ALL=NOPASSWD: /usr/bin/rsync --server --sender * > > which I believe restricts to read only (but it's not well > documented). Assuming that's true, then a hacker could not get write > access to your system (and of course write access is equivalent to > full ownership). Which also restricts you from doing a restore... Hope that helps. Regards, Adam -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAksYWR8ACgkQGyoxogrTyiVYzQCfa+2XlMASzPqGCticyf05RvK5 rA4AnjbOPEjSjne5g6AenATWUb0JTcOP =GMDm -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev _______________________________________________ BackupPC-users mailing list [email protected] List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
