On Monday, 2006-12-18 at 09:04:47 +0100, Frédéric VANNIÈRE wrote:
> You should look at scponly, it's a shell which only allows scp, sftp
> and rsync in a very restricted chroot.
> It works well, I'm using it for the backup of more than 100 servers and
> workstations.

If you want to use scponlyc (in chroot), you have to loopback-mount all filesystems into the chroot you want to rsync. Since Linux does not support read-only loopback mounts, this leaves them open not only for reading but also for writing...

The way I did it some years ago was to dump and encrypt the filesystems, writing the result into the chroot. You can use incremental dumps or use find | cpio for incrementals (which I did). Of course, you need enough space to keep an encrypted, compressed dump of all filesystems...

HTH,
Lupe Christoph
-- 
| You know we're sitting on four million pounds of fuel, one nuclear   |
| weapon and a thing that has 270,000 moving parts built by the lowest |
| bidder. Makes you feel good, doesn't it?                             |
| Rockhound in "Armageddon", 1998, about the Space Shuttle              |
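
The dump-and-encrypt approach described in the message above, as an added example (not the poster's own script and not part of the original thread): a find | cpio incremental that is compressed, encrypted and written into the chroot, so the restricted rsync account only ever sees ciphertext. The function names, the absolute-path arguments and the choice of `openssl enc` with a passphrase file are assumptions.

```shell
#!/bin/sh
# Added example. Assumes find with -print0, a cpio that accepts -0,
# gzip, and OpenSSL 1.1.1 or later. All paths must be absolute.

# dump_incremental SRC_DIR CHROOT_DIR STAMP_FILE PASS_FILE
# First run (no stamp file yet) is a full dump; later runs archive only
# files modified since the previous run. Prints the archive path.
# The body runs in a subshell so cd and variables do not leak.
dump_incremental() (
    src=$1; out=$2; stamp=$3; pass=$4
    archive="$out/$(basename "$src")-$(date +%Y%m%dT%H%M%S).cpio.gz.enc"

    # Take the new timestamp before scanning, so files changed while
    # the dump is running are picked up again by the next incremental.
    : > "$stamp.new" || exit 1

    # Build the find arguments; -xdev keeps the dump to one filesystem.
    set -- . -xdev
    if [ -f "$stamp" ]; then
        set -- "$@" -newer "$stamp"
    fi

    cd "$src" || exit 1
    # Plaintext exists only inside the pipeline; only the encrypted
    # stream is written below the chroot.
    find "$@" -print0 | cpio -o -0 -H newc | gzip -c |
        openssl enc -aes-256-cbc -pbkdf2 -salt \
            -pass "file:$pass" -out "$archive.tmp" || exit 1

    # Publish the archive and advance the stamp only after success.
    mv "$archive.tmp" "$archive" || exit 1
    mv "$stamp.new" "$stamp" || exit 1
    printf '%s\n' "$archive"
)

# list_dump ARCHIVE PASS_FILE
# Decrypts an archive and lists its contents, to verify a dump restores.
list_dump() {
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$2" -in "$1" |
        gzip -dc | cpio -it
}
```

The passphrase file and the stamp file belong outside the chroot, readable by root only; the archives themselves must stay readable by the scponly account.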

