Hello Claus,I think the setup you proposed is safer (in fact I don't why know I did not even consider using rdiff-backup in this direction...).
One question:Do you run rdiff-backup --server in the backup-chroot as root or with a different user? Root seemed more convenient in my tests because your backup directory can have the same owners/groups/permissions as the live server which can make it easier to examine the last good state if something breaks. On the other hand -- root in a chroot can easily break out -- afaik.
I have been playing with vservers (http://linux-vserver.org/) for a while and maybe I'll use them instead of a chroot.
Of course, you need a proper jail configuration in /store/rdiff for it to work. I used jailtool to set this up. If you're interested, I could provide the rdiff.jail config file for it.
I am interested :) -- did not use jailtool before but it seems worth a try -- as a chroot or maybe later vserverized.
Thanks, Henrik -- Henrik Heil, zweipol Coy & Heil GbR http://www.zweipol.net/