> Date: Tue, 12 Dec 2006 07:05:18 -0800 (PST) > From: probsd org <[EMAIL PROTECTED]> > Subject: RE: FreeBSD Backup > To: freebsd-questions@freebsd.org > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=iso-8859-1 > > This is assuming you have another account on another freebsd/linux box with a > significant amount of space. Works great on a live filesystem. I use /, /var, > /tmp, and /usr as examples. > > dump -L -0f - /usr | ssh -C [EMAIL PROTECTED] "cat > > /usr/home/login/usr.dump" > dump -L -0f - /tmp | ssh -C [EMAIL PROTECTED] "cat > > /usr/home/login/tmp.dump" > dump -L -0f - /var | ssh -C [EMAIL PROTECTED] "cat > > /usr/home/login/var.dump" > dump -L -0f - / | ssh -C [EMAIL PROTECTED] "cat > /usr/home/login/root.dump"
Watch your umask when doing stuff like the above. If /usr/home/login is world-readable (or group-readable), and your umask permits world-readable files, then all your secure chown root / chmod 600 files are suddenly world readable to any rogueuser that can "cp /usr/home/login/root.dump ~rogueuser/". I prefer to explicitly set the umask: dump -L -0f - / | ssh -i ~root/.ssh/special_backup_dsa_key \ [EMAIL PROTECTED] "umask 177; cat > /usr/home/login/root.dump" One could/should of course also "chmod 700 /usr/home/login" _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
