restrict a root login via ssh to read-only fs access?
Hello list,
I want to set up a backup system for some servers that can also back up
files that only root (uid 0) can read.
At the moment I use rdiff-backup over ssh with a second root user
(root2) with uid 0
/etc/passwd:
root2:x:0:0::/home/root2:/bin/bash
and a restrictive ssh-configuration to limit what this user can do
/home/root2/.ssh/authorized_keys:
command="/usr/bin/nice -n 15 /usr/bin/rdiff-backup --server --restrict-read-only /",no-pty,no-X11-forwarding,no-agent-forwarding,no-port-forwarding [key without passphrase]
The ssh-login is key-only and will be restricted to a fixed IP.
On the backup machine I have a cronjob that logs in as root2 and runs
the rdiff-backup command:
/usr/bin/rdiff-backup \
--exclude /dev --exclude /proc \
--remote-schema 'ssh -C %s /usr/bin/nice -n 15 /usr/bin/rdiff-backup --server --restrict-read-only /' \
--print-statistics \
root2@[server]::/ \
/var/rdiff-backups
The backup machine is hardened but I would prefer to further limit the
damage if the private key of root2 is compromised and/or there is an
exploitable bug in rdiff-backup so I am looking for some way to globally
drop write permissions with a command that is executed when root2 logs
in via ssh. Any ideas?
Thanks in advance,
Henrik
--
Henrik Heil, zweipol Coy & Heil GbR
http://www.zweipol.net/
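
An added example, not part of the original post: a small auditor that parses an authorized_keys entry like the one above and reports which of the described restrictions are missing. It assumes the planned fixed-IP restriction is expressed with the authorized_keys from= option; the key material and the address 192.0.2.10 are constructed placeholders.

```python
# Added example: audit an authorized_keys entry for the restrictions in the post.
REQUIRED_FLAGS = {"no-pty", "no-x11-forwarding", "no-agent-forwarding",
                  "no-port-forwarding"}
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def parse_options(line):
    """Return {option: value} for the option field that precedes the key type."""
    if line.startswith(KEY_TYPES):
        return {}                      # entry has no option field at all
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            cur += '"'                 # escaped quote inside a quoted value
            i += 2
            continue
        if ch == '"':
            quoted = not quoted        # commas and spaces inside quotes are data
        elif not quoted and ch in ", \t":
            opts.append(cur)
            cur = ""
            if ch != ",":
                break                  # unquoted whitespace ends the option field
        else:
            cur += ch
        i += 1
    if cur:
        opts.append(cur)
    # sshd matches option names case-insensitively
    return {n.lower(): v for n, _, v in (o.partition("=") for o in opts if o)}

def audit(line):
    """List the restrictions from the post that this entry lacks."""
    opts = parse_options(line.strip())
    findings = []
    if "command" not in opts:
        findings.append("no forced command")
    elif "--restrict-read-only" not in opts["command"].split():
        findings.append("forced command lacks --restrict-read-only")
    findings += ["missing " + f for f in sorted(REQUIRED_FLAGS - set(opts))]
    if "from" not in opts:             # assumption: fixed IP is enforced via from=
        findings.append("no from= source address restriction")
    return findings

# Constructed sample entries; key material and address are placeholders.
KEY = "ssh-ed25519 AAAAC3-constructed-placeholder root2-backup"
CMD = 'command="/usr/bin/nice -n 15 /usr/bin/rdiff-backup --server --restrict-read-only /"'
FLAGS = "no-pty,no-X11-forwarding,no-agent-forwarding,no-port-forwarding"
AS_POSTED = f"{CMD},{FLAGS} {KEY}"
WITH_FROM = f'from="192.0.2.10",{CMD},{FLAGS} {KEY}'
```

Calling audit(AS_POSTED) reports only the missing from= restriction, while a bare key line with no option field fails every check.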