> In fact, my 'sudo' approach worked so well …
Then, how do you restrict access to certain paths in your setups?
Am 11.02.21 um 01:58 schrieb backu...@kosowsky.org:
> Felix Wolters wrote at about 00:14:37 +0100 on Thursday, February 11, 2021:
> > Jeff,
> >
> > I appreciate your detailled discu
Felix Wolters wrote at about 00:14:37 +0100 on Thursday, February 11, 2021:
> Jeff,
>
> I appreciate your detailled discussion of the topic, and I consider your
> arguments to be strong.
>
> But this …
>
> > Finally, while the sudoer code I shared in my previous note was just
> > aimed
Sorry, it seems the base version of rrsync I used is quite old compared to
the current one, and I can't pinpoint which modifications are mine and
which are 'upstream'. All I can say is that:
- the attached version works with BackupPC 4.3.2, using the following
command line in the client's authoriz
On 11/2/21 10:14, Felix Wolters wrote:
Jeff,
I appreciate your detailled discussion of the topic, and I consider your
arguments to be strong.
But this …
Finally, while the sudoer code I shared in my previous note was just
aimed at restricting the sudoer power to rsync with specific flags,
I'
Jeff,
I appreciate your detailled discussion of the topic, and I consider your
arguments to be strong.
But this …
> Finally, while the sudoer code I shared in my previous note was just
> aimed at restricting the sudoer power to rsync with specific flags,
> I'm pretty sure that it could be easil
Les Mikesell wrote at about 14:07:23 -0600 on Wednesday, February 10, 2021:
> On Wed, Feb 10, 2021 at 1:58 PM wrote:
> >
> > 4. Further, along that line, while sudoer has been well-tested,
>
> About that
> https://www.helpnetsecurity.com/2021/01/27/cve-2021-3156/
>
Thanks for suppo
On Wed, Feb 10, 2021 at 1:58 PM wrote:
>
> 4. Further, along that line, while sudoer has been well-tested,
About that
https://www.helpnetsecurity.com/2021/01/27/cve-2021-3156/
--
Les Mikesell
lesmikes...@gmail.com
___
BackupPC-users ma
Felix Wolters wrote at about 19:45:49 +0100 on Wednesday, February 10, 2021:
> Greg,
>
> Yupp, that’s the principle, especially refer to the paragraph
> https://dev-notes.eu/2016/08/secure-rsync-between-servers/#limit-actions-for-this-ssh-connection-to-restricted-rsync
>
> I can recommend i
Les Mikesell wrote at about 13:05:40 -0600 on Wednesday, February 10, 2021:
> On Wed, Feb 10, 2021 at 12:47 PM Felix Wolters
> wrote:
> >
> > I may add, that working with a non-privieged user isn’t even necessary in
> > many cases, as rrsync is able to restrict access to (1.) a specific
>
G.W. Haywood via BackupPC-users wrote at about 16:10:03 + on Wednesday,
February 10, 2021:
> Hi there,
>
> On Wed, 10 Feb 2021, Felix Wolters wrote:
>
> > I'd like to use it with restricted access to the client ...
>
> If I understand you correctly there's no need for complications,
As a poor man's protection, when backing up Linux hosts, I avoid
ssh'ing into root@remotehost and instead ssh into a non-admin user
backupp-remote and then use /etc/sudoer to limit the superuser reach
to /usr/bin/rsync with selected flags. Of course, this still leaves
security holes to a malicious
On Wed, Feb 10, 2021 at 12:47 PM Felix Wolters wrote:
>
> I may add, that working with a non-privieged user isn’t even necessary in
> many cases, as rrsync is able to restrict access to (1.) a specific command
> (if need be with specific options), (2.) a specific folder, and (3.) to read
> only
Greg,
Yupp, that’s the principle, especially refer to the paragraph
https://dev-notes.eu/2016/08/secure-rsync-between-servers/#limit-actions-for-this-ssh-connection-to-restricted-rsync
I can recommend it so far.
I may add, that working with a non-privieged user isn’t even necessary
in many cases
Felix,
I’m trying to follow along and learn a bit here. Is this the concept you
working towards:
https://dev-notes.eu/2016/08/secure-rsync-between-servers/
Thanks,
Greg Harris
On Feb 10, 2021, at 11:24 AM, Felix Wolters wrote:
Thank you, HTH, for your effort! Your setup is absolutely reaso
Thank you, HTH, for your effort! Your setup is absolutely reasonable –
as long as you are on a trusted (local) network and don’t need encrypted
transport.
Apart from that, the setup with rrsync would be much less complicated –
if it worked …
Am 10.02.21 um 17:10 schrieb G.W. Haywood via BackupPC
Just to clarify: My question is about using rrsync on the remote client
to protect it (as I explained) from a potentially currupted server.
Obviously, the standard rrsync isn’t compatible with rsync-bpc. So I’m
curious about Guillermo’s adjusted version of rrsync!
What I did got so far:
* Backu
Hi there,
On Wed, 10 Feb 2021, Felix Wolters wrote:
I'd like to use it with restricted access to the client ...
If I understand you correctly there's no need for complications, you
can do that with plain vanilla rsyncd. It's what I do on my machines.
Forbidding ssh access further reduces the
Adam Goryachev via BackupPC-users wrote at about 23:53:38 +1100 on Wednesday,
February 10, 2021:
>
> On 10/2/21 02:56, Felix Wolters wrote:
> > Hello!
> >
> > Let me first thank you for providing BackupPC as open source software. I
> > appreciate it a lot and consider it to be one of the mo
Thank you, Guillermo in advance, this will be great!
Felix
Am 10.02.21 um 14:01 schrieb Guillermo Rozas:
> Hi,
> I use rrsync in a couple of clients. You need to slightly modify the
> rrsync script to correctly parse BackupPC rsync call, and after that
> it will work without problems. Later in t
Hi,
I use rrsync in a couple of clients. You need to slightly modify the rrsync
script to correctly parse BackupPC rsync call, and after that it will work
without problems. Later in the week I'll look into my systems and post my
rrsync modified version.
Regards,
Guillermo
On Tue, Feb 9, 2021, 13:1
On 10/2/21 02:56, Felix Wolters wrote:
Hello!
Let me first thank you for providing BackupPC as open source software. I
appreciate it a lot and consider it to be one of the most usefull backup
systems out there!
I’d like to use it with restricted access to the client, so a
potentially corrupted
Hello!
Let me first thank you for providing BackupPC as open source software. I
appreciate it a lot and consider it to be one of the most usefull backup
systems out there!
I’d like to use it with restricted access to the client, so a
potentially corrupted BackupPC server wouldn’t be able to damag
22 matches
Mail list logo