Re: [SLUG] rsync suggestions

From: Kwan Lowe (kwan@digitalhermit.com)
Date: Wed Dec 08 2004 - 18:54:34 EST


> - I'm using ssh
> - While I could create ssh keys for each user (and then initiate using the -i
> option), this would require administrative overhead with the add/delete of
> users, so while this is possible it isn't as practical as we would like.
> - I was considering adding the user account, that is doing the rsync, to the
> user's 'group' and chmod'ing (recursively) to give read access (and back
> again).
> I don't even want to get in depth with the problems that this could cause...
> - Setting the executable user bit to the root account (using cron job) to turn
> on/off this capability. This too has security concerns.
>
> I'm trying to determine the best course of action with the least overhead
> involved. I appreciate any input.

I use rsync over ssh and specify recursive and follow symlinks. This allows
me to create a single directory somewhere in /root or /var/wherever (i.e.,
readable only by a group or root). Inside this directory I symlink to all the
directories that I want to backup. For example, in /root/backup_targets are
symlinks to /etc, /var/named, /home, /var/spool, /var/mail and any other data
files that I need to keep. Adding a backup is as simple as 'ln -s /source .'.
 If you do this as a regular user make sure that the backup account has rights
to the directories.

If by overhead you mean the transport -- try using blowfish as the cipher.
It's supposedly faster than the default.

As I write this I'm also running some backups over ssh. The idea is simple:
1) On the remote system, create three named pipes (rmtpipe, pipe.out, pipe.err).
   mknod rmtpipe p; mknod pipe.out p; mknod pipe.err p
2) On the remote, initiated via a script on the local system, run a tar job
specifying the rmtpipe as the save device.
   ssh remote tar cfv rmtpipe /list /of /backup /dirs
3) On the remote via ssh, start a dd session using the named pipe as the
input and stdout as the output. Pipe this command to dd on the local system
and specify the outfile.
   ssh remote "dd if=rmtpipe" | dd of=backup.tar

Works beautifully and you don't need any remote mount points or stored keys.

-- 
* The Digital Hermit   http://www.digitalhermit.com
* Unix and Linux Solutions   kwan@digitalhermit.com
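
A local rehearsal of the named-pipe flow in steps 1) to 3) above, as an added example that is not part of the original post. It keeps the pipe in a private 0700 directory so no other local user can read the backup stream; the function name fifo_backup, the temporary paths and the sample file are assumptions, and the ssh hops are replaced by local processes.

```shell
#!/bin/sh
# Added example: tar -> named pipe -> dd, run locally.
# In the post, the tar writer and "dd if=rmtpipe" run on the remote via ssh.

fifo_backup() {
    # $1 = directory to archive, $2 = output tar file
    src=$1
    out=$2
    rc=0

    # mktemp -d creates a mode-0700 directory; the pipe inside it is 0600.
    # A pipe in a shared directory could be opened by any user able to
    # read it, who would then receive the archive contents.
    work=$(umask 077; mktemp -d) || return 1
    pipe=$work/rmtpipe
    mkfifo -m 600 "$pipe" || { rm -rf "$work"; return 1; }

    # Writer: tar blocks until a reader opens the pipe, so background it.
    # Its diagnostics go to a file, standing in for pipe.err.
    tar cf "$pipe" -C "$(dirname "$src")" "$(basename "$src")" \
        2>"$work/pipe.err" &
    tar_pid=$!

    # Reader: stands in for  ssh remote "dd if=rmtpipe" | dd of=backup.tar
    dd if="$pipe" 2>/dev/null | dd of="$out" 2>/dev/null

    # Collect tar's exit status; show its errors only on failure.
    wait "$tar_pid" || rc=$?
    [ "$rc" -ne 0 ] && cat "$work/pipe.err" >&2

    # Remove the pipe so nothing is left behind for a later reader.
    rm -rf "$work"
    return "$rc"
}

# Constructed sample data so the example runs offline.
demo=$(mktemp -d)
mkdir "$demo/etc"
echo "nameserver 192.0.2.53" > "$demo/etc/resolv.conf"

fifo_backup "$demo/etc" "$demo/backup.tar" && tar tf "$demo/backup.tar"
```
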