On 21.09.21 17:53, Tim Woodall wrote:
I would like to have some WORM memory for my backups. At the moment
they're copied to an archive machine using a chrooted unprivileged user
and then moved via a cron job so that that user cannot delete them
(other than during a short window).
My though was to use a raspberry-pi4 to provide a USB mass storage
device that is modified to not permit deleting. If the pi4 is not
accessible via the network then other than bugs in the mass storage API
it should be impossible to delete things without physical access to the
pi.
Before I start reinventing the wheel, does anyone know of anything
similar to this already in existence?
Things like chattr don't achieve what I want as root can still override
that. I'm looking for something that requires physical access to delete.
The backup tool borg, or borgbackup (this latter is also the package
name in the Debian repository), has an option to create backup archives
to which only data can be added but not deleted. If you can get it
managed, that only borgbackup has access through the network to the
backup system but no other user can access the backup system from the
network, then this might be want you want.
Borgbackup appears to be quite professionally designed. I have never had
bad experience for my usage scenario backing up several home and data
directories with it and restoring data from the archives - luckily
restoring data just for testing the archives but not for indeed having
needed data from a backup. My impression is, that this tool is also in
use by the big professionals, those who have to keep up and running a
real big business. Well, maybe someone of those borgbackup users with
the big business pressure and experience should comment on this and not
me. At least for me and my laboratory measurement data distributed on
still less than 10 computers and all together comprising still less than
10 TB data volume, it is the perfect tool. Your question sounds like it
could also fit your needs.
Best wishes,
Marco