Permissions for backup user - Security


  1. Permissions for backup user


    I have just finished setting up a backup scheme using rsnapshot over
    ssh for my server. However, in order to have access to all the files,
    I'm having to do this as root. For obvious reasons, I don't like having
    root login enabled, even if it is protected with a public/private key
    system.

    I would like to create a backup user to handle this. One does not
    exist on my server at present. What permissions, group membership,
    etc do I need to grant to this user to allow it to read all the
    necessary files? I have seen some examples, too, where the shell for
    the user was set to rsync. Does that work or provide more security?

    Jeff

  2. Re: Permissions for backup user

    J Rice wrote:
    > I have just finished setting up a backup scheme using rsnapshot over
    > ssh for my server. However, in order to have access to all the files,
    > I'm having to do this as root. For obvious reasons, I don't like having
    > root login enabled, even if it is protected with a public/private key
    > system.
    >
    > I would like to create a backup user to handle this. One does not
    > exist on my server at present. What permissions, group membership,
    > etc do I need to grant to this user to allow it to read all the
    > necessary files? I have seen some examples, too, where the shell for
    > the user was set to rsync. Does that work or provide more security?
    >
    > Jeff


    For root access, you need to be root. QED.

    However, you might consider using SSH tunneling to reach an rsync daemon on
    the server, configured to allow read-only, root access, for exactly this
    purpose. (I've done this with rsnapshot before, myself).

    Keeping an rsync daemon from going down mounted directories is non-trivial, and
    requires advance knowledge of the mountpoints, unlike a direct rsync command.
    But it can be done.
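
Added example, not part of the thread and not the poster's own configuration: a sketch of the setup the reply describes, generating a loopback-only, read-only rsync daemon module that runs as root, with an exclude file built from the mount table so the daemon stays out of mounted directories. The module name, auth user, file paths, local port 8873 and the sample mount table are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Assumed names: module and auth user
# "backup", /etc/rsyncd-backup.exclude, /etc/rsyncd.secrets, local port 8873.

# mount_excludes ROOT: read /proc/mounts-format lines on stdin and print each
# mountpoint below ROOT as a module-relative pattern ("/proc/*"), so the
# directory itself is kept but nothing under it is transferred.
mount_excludes() {
    local root="${1%/}" dev mnt rest      # ROOT "/" becomes ""
    while read -r dev mnt rest; do
        mnt=$(printf '%b' "$mnt")         # decode \040 (space) and similar
        [ "$mnt" = "${root:-/}" ] && continue
        case "$mnt" in
            "$root"/*) printf '%s/*\n' "${mnt#"$root"}" ;;
        esac
    done | LC_ALL=C sort -u
}

# module_conf NAME ROOT EXCLUDE_FILE: print an rsyncd.conf with one module.
# The daemon listens on loopback only. "auth users" matters because without
# it any local account could read every file through 127.0.0.1:873.
module_conf() {
    cat <<EOF
address = 127.0.0.1

[$1]
    path = $2
    uid = root
    read only = yes
    hosts allow = 127.0.0.1
    auth users = backup
    secrets file = /etc/rsyncd.secrets
    exclude from = $3
EOF
}

# Constructed sample mount table (not from a real host).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
/dev/sdb1 /mnt/usb\040disk vfat rw 0 0
/dev/sda2 /home ext4 rw 0 0'

printf '%s\n' "$SAMPLE_MOUNTS" | mount_excludes /   # contents of the exclude file
module_conf backup / /etc/rsyncd-backup.exclude     # contents of rsyncd.conf
# On the backup host (tab-separated fields in rsnapshot.conf):
#   ssh -N -L 8873:127.0.0.1:873 user@server
#   backup  rsync://backup@localhost:8873/backup/  server/
```

On a real server the exclude file would be regenerated from `/proc/mounts` whenever the mount layout changes, and the rsync run by rsnapshot needs the module password, for example through rsync's `--password-file` option.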
