On Tue, 6 May 2014 17:35:00 -0700 The Farmer <[email protected]> wrote:
> If I use tarsnap-keymgmt to create a key that can only create new > archives, and another key that can list and delete old ones, and want > to use them from different machines, what's the best way to do that? > > I don't want an attacker who gains access to the machine I'm backing > up to be able to delete old backups, but I don't want to keep old > backups indefinitely, so my plan is to delete old backups from a > different machine. > > I'm guessing the best plan is to use rsync to keep the cache folders > in sync on the two machines, but do they need to be synced in both > directions, or is it enough to copy from the machine which creates > archives to the one which deletes them? > > If it needs to go both ways then I guess I also need to put some kind > of semaphore in place to make sure only one machine is using tarsnap > at a time. Wouldn't it be easier to store those keys on a USB stick and point tarsnap to it when needed?
