Rsync security

Dan Pritts danno at internet2.edu
Tue Jun 15 16:02:59 GMT 2004


> quite uncomfortable about using this across hundreds of workstations to provide the sync functionality I'm looking for. Specifically my fear is if
> someone gains administrative access to their workstation and can access the ssh private key & ssh server key they will be able to access any
> data they want from the central file server. Plus relying on keypairs is very messy from an administrative point of view.

First off, if all you're trying to do is back up user data, you don't need
to rsync into the file server as root - you can create individual Unix
users for each machine that's backing up.  This is not a guarantee that
it will be secure, but it might be good enough for you.

I'm looking at the same problem although on a smaller scale.  I haven't
made a final determination yet as to how I'm going to proceed, but I am
leaning toward using either FreeBSD jail or Solaris zones (new feature
in upcoming Solaris 10).

The basic idea here is that you create a virtual environment within
your master server, and the root user inside the virtual environment
does not have any privileges outside.

You could do this on any platform by setting up a chroot environment
but chroot is less secure - there are ways to break out of a chroot
if you can write files into it.  jail and zones provide a more secure
virtual environment.

Note that people often refer to chroot environments as "jails" - these
are NOT the same thing as the FreeBSD jail.

There are two Linux projects, "user-mode linux" which runs an entire
Linux kernel as a process under another Linux, and "linux-vserver",
which tries to do what FreeBSD jail does.  Neither one of them appears
to be fully baked, however.  I spent quite a bit of time on UML before
giving up because it just didn't seem stable.  I didn't actually run
linux-vserver but it looks to be under active development, and I was
concerned it just wasn't ready for prime time.

Note that "linux-vserver" and "Linux Virtual Server" are not the same
thing - Linux Virtual Server is more of a clustering thing that allows
multiple physical machines to act as one logical machine.

I haven't considered the key-pair issue.  I have a small enough
environment that it would be manageable.  You could look into using
Kerberos instead of SSH keys - it essentially provides a key management
infrastructure.  However, it is much more heavyweight than creating a
bunch of keys.

On Tue, Jun 15, 2004 at 03:37:21PM +0100, ww m-pubsyssamba wrote:
danno
--
dan pritts                                       danno at internet2.edu
systems administrator                            734/352-4953 office
internet2                                        734/834-7224 mobile
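The per-machine Unix user approach from the first paragraph, worked through as an added example (this is not code from Dan's post or from the rsync project). Each workstation gets its own unprivileged account on the central server, and that workstation's SSH key is pinned in authorized_keys to the account, to the workstation's address, and to rsync's rrsync wrapper (from the support/ directory of the rsync source), so a key lifted from a compromised workstation is only good for that host's own backup directory, not the whole server. The rrsync install path, the backup root and all host and key values are assumed or constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the post or from rsync itself: one unprivileged
# backup account per client workstation, with the client's SSH key restricted
# to that account's directory via rsync's rrsync wrapper.
# The rrsync path, the backup root and every host/key value are assumed or
# constructed placeholders.

BACKUP_ROOT=${BACKUP_ROOT:-/srv/backups}
RRSYNC=${RRSYNC:-/usr/local/bin/rrsync}   # assumed install path of support/rrsync

# Map a client hostname to its dedicated account name, e.g. WS-042 -> bk_ws_042.
backup_user_for() {
  printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/[^a-z0-9]/_/g; s/^/bk_/'
}

# Build the authorized_keys entry for one client.
#   $1 = client hostname, $2 = client IP address, $3 = client public key
# from= rejects the key when presented from any other address, command= forces
# rrsync (limited to this host's directory) whatever command the client sends,
# and the remaining options turn off forwarding and interactive sessions.
authorized_keys_line() {
  ak_user=$(backup_user_for "$1")
  printf 'from="%s",command="%s %s/%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty %s\n' \
    "$2" "$RRSYNC" "$BACKUP_ROOT" "$ak_user" "$3"
}

# Create the account on the server (must run as root; shown here, not exercised
# by the checks below).
create_backup_account() {
  acct=$(backup_user_for "$1")
  home="$BACKUP_ROOT/$acct"
  useradd -m -d "$home" -s /bin/sh "$acct"
  passwd -l "$acct"                       # key-only login, no password
  install -d -m 700 -o "$acct" -g "$acct" "$home/.ssh"
  authorized_keys_line "$1" "$2" "$3" > "$home/.ssh/authorized_keys"
  chown "$acct:$acct" "$home/.ssh/authorized_keys"
  chmod 600 "$home/.ssh/authorized_keys"
}

# Usage: sh backup-account.sh <hostname> <ip> "<public key>"
# Prints the authorized_keys entry; run create_backup_account as root to apply it.
if [ "$#" -eq 3 ]; then
  authorized_keys_line "$1" "$2" "$3"
fi
```

This does not remove the risk the original question raises: whoever controls a workstation still controls its key and can read or overwrite that workstation's own backups on the server. What it does is bound the damage to one directory under one unprivileged account, which is the "individual Unix users" point made above, and the forced command means the key cannot be reused for a shell or for rsync against any other path.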

