On 09/23/2013 01:02 PM, m.roth@xxxxxxxxx wrote: > It does have to > run as root, though, on both, to preserve ownership of home and project > directories, etc. Depending on how you interpret this statement, my documented process may present a (mild) improvement. It has the backup account on the public server being a non-priviliged account only able to run a (tightly controlled) shell script which contains the sudo call. In this way, even if the backup account is compromised, it can't be used to "take down" the web server, only provide access to the data. Technically, the rsync command *is* being run as (sudo) root, but nothing else is, and the backup account has no ability to change the parameters of the rsync account. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: Howto: Extremely tight security rsync shell for backups
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: Howto: Extremely tight security rsync shell for backups
- From: Lists <lists@xxxxxxxxxxxxxxxxxx>
- Date: Mon, 23 Sep 2013 13:26:35 -0700
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <74fa73d086c85f11e87ed7cd9042f563.squirrel@mail.5-cent.us>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130805 Thunderbird/17.0.8
- Follow-Ups:
- Re: Howto: Extremely tight security rsync shell for backups
- From: Les Mikesell
- Re: Howto: Extremely tight security rsync shell for backups
- References:
- Prev by Date: Re: Howto: Extremely tight security rsync shell for backups
- Next by Date: Re: Howto: Extremely tight security rsync shell for backups
- Previous by thread: Re: Howto: Extremely tight security rsync shell for backups
- Next by thread: Re: Howto: Extremely tight security rsync shell for backups
- Index(es):
 |