On 21.09.21 17:53, Tim Woodall wrote:
I would like to have some WORM memory for my backups. At the moment
they're copied to an archive machine using a chrooted unprivileged user
and then moved via a cron job so that that user cannot delete them
(other than during a short window).
My though was to use a raspberry-pi4 to provide a USB mass storage
device that is modified to not permit deleting. If the pi4 is not
accessible via the network then other than bugs in the mass storage API
it should be impossible to delete things without physical access to the
pi.
Before I start reinventing the wheel, does anyone know of anything
similar to this already in existence?
Things like chattr don't achieve what I want as root can still override
that. I'm looking for something that requires physical access to delete.
The backup tool borg, or borgbackup (this latter is also the package name in
the Debian repository), has an option to create backup archives to which only
data can be added but not deleted. If you can get it managed, that only
borgbackup has access through the network to the backup system but no other
user can access the backup system from the network, then this might be want
you want.