On 3 August 2017 at 22:43, Wayne Blaszczyk <[email protected]> wrote:
> On Thu, 2017-08-03 at 10:00 -0700, Paul Rogers wrote: > > I've not found a necessity to actually use rsync yet. I followed the > > book's instructions and moved on, leaving it for "later". (I'd like to > > be able to use it to make one backup/archive for my accounts on all my > > systems, but it doesn't seem to have a robust "collision avoidance > > system".) > > > > The book warns us about security concerns, but then proceeds to create a > > /home/rsync directory, to which rsync would have FS RW access, and then > > use that as a file distribution point, relying on rsync itself to > > enforce the directory as RO. It does seem a little odd we assigning it > > a "system" UID/GID, but a home directory in user-space /home. > > > > If we're trying to be security conscious, wouldn't the wiser course be > > to set the rsync user's home /dev/null, then make a file "module" that > > refers to a directory it does not have write access to in FS > > permissions? Would rsync not work without a writable directory? > > > > Realizing the file distribution point is perhaps primarily just a very > > basic example, I fear it may be a "tail wagging the dog" if it has > > prompted giving rsync a FS writable directory. > > > > -- > > Paul Rogers > > [email protected] > > Rogers' Second Law: "Everything you do communicates." > > (I do not personally endorse any additions after this line. TANSTAAFL > > :-) > > I've been using rsync for years to do my system backups and in that time > I've > never used rsync daemon. So I'm not sure what the befits are to using it. > Maybe there should be a blurb on why you would use it? > Ssh with user key authentication is the way to go for me. > If anyone is interested, I can post my backup script which includes > snapshots. > I'm glad you posted that Wayne, because I've been scratching my head too wondering what use the rsync daemon is. I've never used it either; I thought that maybe it was just me. Richard
-- http://lists.linuxfromscratch.org/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
