From: Pandu Poluan <pandu@poluan.info>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] {OT} Are "push" backups flawed?
Date: Sat, 12 Nov 2011 11:32:20 +0700 [thread overview]
Message-ID: <CAA2qdGX_kj2Cu__ab+8aiwvC_fu68bDaab8D_OOUDz6_2kEipA@mail.gmail.com> (raw)
In-Reply-To: <4EBDF330.4010306@orlitzky.com>
[-- Attachment #1: Type: text/plain, Size: 984 bytes --]
On Nov 12, 2011 11:23 AM, "Michael Orlitzky" <michael@orlitzky.com> wrote:
>
> On 11/11/2011 10:20 PM, Pandu Poluan wrote:
> >
> >> And if I pull, none of my backed-up systems are secure because anyone
> >> who breaks into the backup server has root read privileges on every
> >> backed-up system and will thereby "gain full root privileges quickly."
> >
> > IMO that depends on whether you also backup the authentication-related
> > files or not. Exclude them from backup, ensure different root passwords
> > for all boxes, and now you can limit the infiltration.
>
> If you're pulling to the backup server, that backup server has to be
> able to log in to and read all files on the other servers. Including
> e.g. your swap partition and device files.
>
Again, that's a matter of implementation.
If the server doesn't access the client's filesystem directly but via an
agent (Bacula does this, for instance), the server's access will be limited
to what the agent provides.
Rgds,
[-- Attachment #2: Type: text/html, Size: 1245 bytes --]
next prev parent reply other threads:[~2011-11-12 4:35 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-11 17:55 [gentoo-user] {OT} Are "push" backups flawed? Grant
2011-11-11 18:15 ` Michael Mol
2011-11-11 18:27 ` Grant
2011-11-11 18:33 ` Michael Mol
2011-11-11 18:25 ` Pandu Poluan
2011-11-11 18:34 ` Grant
2011-11-11 18:56 ` Pandu Poluan
2011-11-11 19:14 ` Florian Philipp
2011-11-12 3:22 ` Pandu Poluan
2011-11-12 1:11 ` Michael Orlitzky
2011-11-12 2:22 ` Grant
2011-11-12 3:20 ` Pandu Poluan
2011-11-12 4:16 ` Michael Orlitzky
2011-11-12 4:32 ` Pandu Poluan [this message]
2011-11-13 18:03 ` Grant
2011-11-13 19:44 ` Florian Philipp
2011-11-15 0:43 ` Grant
2011-11-15 1:04 ` Michael Mol
2011-11-15 1:19 ` Grant
2011-11-15 2:11 ` Michael Mol
2011-11-15 2:32 ` Grant
2011-11-15 2:37 ` Michael Mol
2011-11-15 2:47 ` Grant
2011-11-15 4:54 ` Pandu Poluan
2011-11-15 7:18 ` J. Roeleveld
2011-11-13 20:43 ` Michael Orlitzky
2011-11-15 0:46 ` Grant
2011-11-13 20:50 ` Michael Orlitzky
2011-11-15 1:54 ` Grant
2011-11-15 15:23 ` Michael Orlitzky
2011-11-12 4:10 ` Michael Orlitzky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAA2qdGX_kj2Cu__ab+8aiwvC_fu68bDaab8D_OOUDz6_2kEipA@mail.gmail.com \
--to=pandu@poluan.info \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox