How to manage root<-->root rsync keeping permissions?
Chris Green
cl at isbd.net
Sat Aug 7 10:44:34 UTC 2021
L A Walsh via rsync <rsync at lists.samba.org> wrote:
> On 2021/08/03 07:09, Chris Green via rsync wrote:
> > I already have an rsync daemon server running elsewhere, I can add
> > this requirement to that I think. Thank you.
> >
> ----
>
> It seems to me, a safer bet would be to generate an ssh-cert
> that allows a passwdless login from your sys to the remote.
>
The trouble with that is that it leaves a big security hole.
If (for example) I leave my laptop turned on somewhere, or someone
wanders into my study where my desktop machine is they have instant,
passwordless access to the remote backup machine.
I try very hard to make my backups secure from attack so that if my
desktop or laptop is compromised somehow the (remote) backups are
still secure.
The backup system that runs the rsync daemon has its rsync configured
with 'refuse options = delete' so not only does someone with access to
my desktop/laptop need to know the rsyncd username and password but
they also cannot delete my existing backups. It runs incremental
backups so nothing is ever overwritten either.
--
Chris Green
·
More information about the rsync
mailing list