On September 11, 2015 6:27:26 AM GMT+02:00, Sebastien Marie <[email protected]> wrote: >On Thu, Sep 10, 2015 at 12:58:52AM +0200, Alexander Hall wrote: >> I'm going wide with this diff I've been pushing for quite some time >now. >> >> Is *anyone* but me using rdump(8) + rmt(8)? > >I use dump(8) for doing remote backup, but I don't use rmt(8), due to >plaintext storage on remote side.
I don't understand. What's "plaintext storage"? :-) > >> *If you are currently using rdump/rrestore + rmt, I urge you to test >> this diff to make sure it causes no regression. It shouldn't, but >> you've been warned. >> >> So, anyway, this diff allows running a restricted rmt(8), in my case >> for remote dumps over ssh, a.k.a rdump(8). >> >> For restricting rmt(8) when dumping/restoring to/from a remote >machine: >> >> -d <directory> confines rmt to operate within a single directory. >> -r enforces read-only mode. >> -w enforces write-only mode. >> >> With this, rmt could be used with the following (simplified) >> .ssh/authorized_keys entries >> >> command="/etc/rmt -wd /dumps/host/foo" ssh-ed25519 ...dumpkey... >> command="/etc/rmt -rd /dumps/host/foo" ssh-ed25519 ...restorekey... >> >> This has the major advantage that a remote user cannot ever destroy >or >> manipulate former backups. A bit more detail is in the man page. >> >> OK? >> > >I will try to get time soon to review it a bit. Nice. I'll hold back a bit, but theo already pretty much told me to commit it as I'm probably pretty much the last person on earth using rmt. :-) /Alexander
