Re: restrict a root login via ssh to read-only fs access?
Hello,

I've no direct answer to your question, but I'm using a quite similar
setup for my backup, and I tried another approach to increase security.

What you're doing is issuing the rdiff-backup command on the backup
destination machine and pulling the data from the source machine. I
found it useful to do it the other way round: I've put a cron job on the
source machine which invokes rdiff-backup to push its data to the
destination machine.

Disadvantage: the rdiff-backup --server command needs write access. Big
advantage: it only needs access to the backup directory, and not to the
whole machine.

So I can use

'ssh %s /usr/sbin/chroot /store/rdiff nice rdiff-backup --server'

as the remote schema.

Of course, you need a proper jail configuration in /store/rdiff for it
to work. I used jailtool to set this up. If you're interested, I could
provide the rdiff.jail config file for it.

Greets,
Claus
--
CHECON EDV-Consulting und Redaktion
Claus Herwig * Barer Straße 70 * 80799 München
+49 89 27826981 * Fax 27826982 * c.herwig@checon.de
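
Added example (not part of the message above, and not Claus's own script): a cron wrapper for the source machine that pushes through the chroot remote schema quoted in the post. The host name, lock directory, cron schedule and backup paths are assumptions; the path after "::" is resolved inside the jail on the destination.

```shell
#!/bin/sh
# Push backup from the source machine via the chroot'ed rdiff-backup server.
REMOTE_SCHEMA='ssh %s /usr/sbin/chroot /store/rdiff nice rdiff-backup --server'  # from the post
DEST_HOST='root@backup.example.org'             # assumed; chroot needs root on the destination
LOCKDIR="${LOCKDIR:-/var/lock/rdiff-push.lock}" # assumed lock location

# The server resolves paths inside the jail, so accept only absolute
# paths that contain no ".." component.
valid_jail_path() {
    case "$1" in
        /*) ;;
        *) return 1 ;;
    esac
    case "$1/" in
        */../*) return 1 ;;
    esac
    return 0
}

# Print the command line for source dir $1 and jail path $2 (dry run).
push_command() {
    valid_jail_path "$2" || { echo "bad jail path: $2" >&2; return 1; }
    printf "rdiff-backup --remote-schema '%s' %s %s::%s\n" \
        "$REMOTE_SCHEMA" "$1" "$DEST_HOST" "$2"
}

# Run one backup. mkdir is atomic, so the directory serves as a lock
# against overlapping cron runs.
run_push() {
    valid_jail_path "$2" || return 1
    mkdir "$LOCKDIR" 2>/dev/null || { echo "previous run still active" >&2; return 2; }
    trap 'rmdir "$LOCKDIR"' EXIT
    rdiff-backup --remote-schema "$REMOTE_SCHEMA" "$1" "${DEST_HOST}::$2"
}

# Assumed crontab entry on the source machine:
#   30 2 * * * /usr/local/sbin/rdiff-push.sh --run /home /home
if [ "${1:-}" = "--run" ]; then
    run_push "$2" "$3"
fi
```

Calling push_command with the same two arguments prints the command without running it, which is a quick way to check the schema and jail path before enabling the cron entry.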