In-Reply-To: <24789713.e3lGWgN6L7@eve>
References: <1594706.BMHADekol8@eve> <24789713.e3lGWgN6L7@eve>
Date: Thu, 18 Aug 2011 18:01:08 -0700
Subject: Re: [gentoo-user] {OT} rdiff-backup: push or pull?
From: Grant
To: gentoo-user@lists.gentoo.org

>> >> > You can separate the backups by giving each system a different
>> >> > account where to store the backups.
>> >>
>> >> I'm not sure what you mean. The backups are all stored on the backup
>> >> server.
>> >
>> > Each machine to be backed up has a different account on the backup
>> > server. This will prevent machine A from accessing the backups of
>> > machine B.
>> >
>> > This way, if one machine is compromised, only this machine's backups can
>> > be accessed using the access-keys for the backup. And this machine's
>> > keys can then be revoked without affecting other backups.
>>
>> That's a great idea. I will do that. Should that backup account have
>> any special configuration, or just a standard new user?
>
> I would suspect just a standard new user with default permissions.
> E.g. only write-access to his/her own files.
>
> And I'd prevent that user account from being able to get a shell-account.

I created the backup users and everything works as long as the backup
users have shells on the backup server and are listed in AllowUsers in
/etc/ssh/sshd_config on the backup server. Did I do something wrong
or should the backup users need shells and to be listed in AllowUsers?
Should I set up any extra restrictions for them in sshd_config?
Should I set passwords for them?

- Grant

> A ".bashrc" with "exit" as the last or first entry is a nice touch. Especially
> if you set the permissions such that it works for the user but the user can
> never change that file.
>
> --
> Joost
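
Added example, not part of the thread: rdiff-backup over SSH starts `rdiff-backup --server` through the account's login shell, so a per-machine backup key is usually confined with `authorized_keys` options rather than by removing the shell. This Python check flags entries that lack a forced, path-restricted server command or the pty/forwarding lock-down options. The key material, host names and `/srv/backup/...` paths are constructed, and `--restrict` is assumed to be the rdiff-backup 1.x server option in use.

```python
import re

# One option: name or name="value", then a comma (more options) or whitespace (key follows).
OPT = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(,|\s+)')
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
LOCKDOWN = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

def parse_entry(line):
    """Split one authorized_keys line into (options dict, key-and-comment string)."""
    line = line.strip()
    opts, pos = {}, 0
    while not line.startswith(KEY_TYPES, pos):
        m = OPT.match(line, pos)
        if m is None:
            raise ValueError("unparseable options field: %r" % line)
        opts[m.group(1).lower()] = m.group(2)  # option names are case-insensitive
        pos = m.end()
    return opts, line[pos:]

def audit(line):
    """Return findings for one entry; an empty list means the key is confined."""
    opts, _ = parse_entry(line)
    findings = []
    cmd = opts.get("command")
    if cmd is None:
        findings.append("no forced command: key may run anything the login shell allows")
    elif "rdiff-backup --server" not in cmd or "--restrict" not in cmd:
        findings.append("forced command is not a path-restricted rdiff-backup server")
    # "restrict" (OpenSSH 7.2+) turns off pty and all forwarding in one option.
    missing = set() if "restrict" in opts else LOCKDOWN - set(opts)
    if missing:
        findings.append("missing options: " + ", ".join(sorted(missing)))
    return findings

def audit_file(text):
    """Audit every non-blank, non-comment line; returns [(key comment, findings)]."""
    return [(line.split()[-1], audit(line)) for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]

# Constructed sample: hostA's key is unrestricted, hostB's is confined to its own directory.
SAMPLE = """\
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTEDKEYA backup@hostA
command="rdiff-backup --server --restrict /srv/backup/hostB",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTEDKEYB backup@hostB
"""

if __name__ == "__main__":
    for who, findings in audit_file(SAMPLE):
        print(who, "OK" if not findings else findings)
```

`AllowUsers` in `sshd_config` is an allow-list, so once it is set every backup account has to appear in it; the per-key options above are what limit each account to its own backup directory.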