How to manage root<-->root rsync keeping permissions?

L A Walsh rsync at tlinx.org
Sat Aug 7 15:10:47 UTC 2021 

On 2021/08/07 03:44, Chris Green via rsync wrote:
> L A Walsh via rsync <rsync at lists.samba.org> wrote:
>   
>> It seems to me, a safer bet would be to generate an ssh-cert
>> that allows a passwdless login from your sys to the remote.
>>
>>     
> The trouble with that is that it leaves a big security hole.
>   
----

    If you only do backups at 1am (or whenever), why would your
backup machine enable ssh outside of the range 12:59 - 01:01?

>
> If (for example) I leave my laptop turned on somewhere, or someone
> wanders into my study where my desktop machine is they have instant,
> passwordless access to the remote backup machine.
----
    If your desktop machine is that open to casual wanderers, perhaps
you should enable a passwd locked screen saver activating after a few
minutes?  I keep my home computer unlocked all the time as well, but I
don't have walk-through visitors that might mess with it. 

    My desktop computer essentially has root access FROM the windows
desktop (my normal user is a domain admin, and can alter permissions
or make changes to any file on my server.  In my case I regard my desktop+
server as a "split system", with the Winbox being my desktop, and the
Linbox being the "backend" of my computer.  The Winbox doesn't normally
have direct access to the network and all of my "content" files /docs/ progs
residing on my linbox.  The Linbox handles backups, network access,
a proxy for the winbox, incoming+outgoing email (dovecot+sendmail), etc.
The linbox does daily security scans and computer maintenance tasks that
I don't trust to letting Windows do it as the linbox provide better 
feedback.

Additionally my linbox has has direct access to any file on my desktop
as well, thought indirectly in that my linbox acts as a samba domain server
for the desktop (thus providing single-signon for my home machines based
on the linbox).  Its slightly moot, in my case to worry about someone on
my desktop being able to access content on my linbox, since all of the
"content" files (docs dir, music, video -- all personal files on desktop)
actually reside on my server where they are backed up daily via xfs_backup.
They are connected via a dedicated, direct 10Gb ethernet that gives 
200-400MB/s(M=2**20 bytes) nominal speed up to 600MB.
> I try very hard to make my backups secure from attack so that if my
> desktop or laptop is compromised somehow the (remote) backups are
> still secure.
>   
---
    Excellent!  In my case, my laptop/desktop (used to be a laptop) is
thoroughly entwined with the server such that one has trouble functioning
without the other. 

    In your case, though, I was thinking of a backup process that would
only be used when my laptop was on a secure network (like @ home).

    If there is risk to your laptop while @ home, hopefully it has a
short-timeout that bounces it to the screen saver that requires a
password to unlock?t
>
> The backup system that runs the rsync daemon has its rsync configured
> with 'refuse options = delete'
---
    Ahh...I thought you were actually trying to keep them in sync.
Maybe you might think about using an actual backup prog like tar.
In my case, the Users/groups are the same.  Tar handles ext attrs and
acls and can keep track of backing files up that have actually changed
rather than relying on time/date stamps.

>  so not only does someone with access to
> my desktop/laptop need to know the rsyncd username and password but
> they also cannot delete my existing backups.  It runs incremental
> backups so nothing is ever overwritten either.
>   
----
    BTW, incremental backups aren't really the same as 'update' backups,
they keep track of the state of the file system (including files no 
longer there)
so you can restore your desktop to a specific day before some unwanted
updated was introduced and kept by an update-only backup system.

For example.  My home partition:
home-210501-0-0438.dump  home-210512-1-0431.dump  home-210523-1-0430.dump
home-210601-0-0437.dump  home-210603-2-0431.dump  home-210612-1-0433.dump
...
home-210729-6-0430.dump  home-210730-9-0430.dump  home-210731-8-0430.dump
home-210801-0-0438.dump  home-210803-2-0430.dump  home-210804-5-0430.dump
home-210805-4-0430.dump  home-210806-7-0430.dump  home-210807-6-0430.dump

Can be restored to any of the dates with a script:
>  Display_Only=1 full_restore home restore 210716
restore home-210701-0-0442.dump to /home/cache/restore
restore home-210712-1-0430.dump to /home/cache/restore
restore home-210714-2-0430.dump to /home/cache/restore
restore home-210716-4-0430.dump to /home/cache/restore


For several months I provided a few back-weeks of
'Restore previous versions' that did checkpoints 4x/day.

Constructed it using rsync, but it really was too much work for
too little feature.


Anyway, I'm aware of various security considerations and it seems like
the best single thing would be a fast-timout screen saver that
would require a password to stop (in addition to the
root-ssh login)... 

Hope this is at least a little helpful, sorry for not understanding
your constraints...
Linda

More information about the rsync mailing list