Jeff, I appreciate your detailled discussion of the topic, and I consider your arguments to be strong.
But this … > Finally, while the sudoer code I shared in my previous note was just > aimed at restricting the sudoer power to rsync with specific flags, > I'm pretty sure that it could be easily expanded to > also limit access to only certain files/directories but just extending > the sudoer line to add the paths desired, thereby further restricting > the reach of the sudo command allowed. seems to be the critical point to me. Have your tried that? (I haven’t yet; a quick search at least doesn’t show up manifestations of this approach.) > At the end of the day, with rrsync, you are still allowing root > access to ssh and that just doesn't feel right. Well … any time you administrate a remote machine, you gain root access over ssh to it, so this alone is a danger we use to deal with. On the other hand, with the rsync-via-sudoers approach – don’t we open rsync to the full system, so basically an attacker on the currupted server would be able to basically rsync the whole machine to himself? So, at the end of the day, aren’t we trading a potential security vulnerability (rrsync) with a heavy real one (rsync via sudoers)? Am 10.02.21 um 20:59 schrieb backu...@kosowsky.org: > Felix Wolters wrote at about 19:45:49 +0100 on Wednesday, February 10, 2021: > > Greg, > > > > Yupp, that’s the principle, especially refer to the paragraph > > > https://dev-notes.eu/2016/08/secure-rsync-between-servers/#limit-actions-for-this-ssh-connection-to-restricted-rsync > > > > I can recommend it so far. > > > > I may add, that working with a non-privieged user isn’t even necessary > > in many cases, as rrsync is able to restrict access to (1.) a specific > > command (if need be with specific options), (2.) a specific folder, and > > (3.) to read only access – but offer full root access and allowing rsync > > -a to keep users, groups and permissions. That makes it powerful. > > See my earlier note on my concerns about the relative security of this > method vs. ssh to a restricted remote user plus a well-constructed > sudoer line to elevate only the specific command needed to backup your > files/directories. > > > The problem here just seems to be that rrsync (on the client to back up) > > and rsync-bpc are not compatible, and a patched rrsync will – hopefully! > > – be the solution. > > > _______________________________________________ > BackupPC-users mailing list > BackupPC-users@lists.sourceforge.net > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki: https://github.com/backuppc/backuppc/wiki > Project: https://backuppc.github.io/backuppc/ _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
