On Tue, Nov 23, 2010 at 10:10:15AM +0000, Brett Parker wrote:
> > With a little bit of lateral thinking that's actually how I think I can implement what I want. Instead of running the rsync daemon on the remote system, where I just have shell access, I can run an rsync daemon on my home server with everything set read only, and then the remote systems can 'pull' the backups across.
> > Someone breaking into the server end can't damage the remote files, or at least they could if they overwrote all the files, but it's a fairly unlikely scenario IMHO. A break-in on the remote system can obviously delete the backup but will have no access to the server.
> Or just do what anyone else would, and use a passphraseless ssh key with a correct limiting command in the authorized_keys file. Thus not transferring data in plain text across the interwebnets, and not trusting to the security of the rsync daemon.
Sleeping on it I have (I think) an even simpler (and at least as secure) solution. Don't use cron/anacron, just run a script from my .profile which runs the rsync at hourly intervals (or whatever seems reasonable).
Since it runs with the environment of my login it can make passwordless connections to the remote system (without a need for extra passphraseless ssh keys).
Other (more system oriented) backups are done by other means anyway, this extra rsync is of business records which will only change as a consequence of me changing them so backing up only while I'm logged in is fine.
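A forced-command wrapper for the limited-key approach suggested in Brett's reply, as an added example and not code from this thread; the wrapper path, the backup root and the key line shown in the comments are assumptions:

```shell
#!/bin/sh
# Added example: forced-command wrapper installed on the remote host as
# /usr/local/bin/rsync-only (path assumed). The matching authorized_keys
# line on that host would look like (key material is a placeholder):
#
#   command="/usr/local/bin/rsync-only",no-port-forwarding,no-agent-forwarding,no-pty,no-X11-forwarding ssh-ed25519 AAAA...PLACEHOLDER backup@home
#
# sshd ignores whatever the client asked for, runs this script instead, and
# hands the requested command line over in $SSH_ORIGINAL_COMMAND.

BACKUP_ROOT="/srv/backup"   # only directory the key may touch (assumed)

# allowed_rsync_command CMD
# Returns 0 only for an rsync server invocation whose path argument stays
# inside $BACKUP_ROOT. An interactive shell, scp, another path or an
# attempt to walk out of the root with ".." all return 1.
allowed_rsync_command() {
    cmd=$1
    # must be an rsync server request (push: "rsync --server ...",
    # pull as in the read-only daemon idea: "rsync --server --sender ...")
    case $cmd in
        "rsync --server "*) ;;
        *) return 1 ;;
    esac
    # refuse shell metacharacters so the line can never be re-interpreted
    case $cmd in
        *';'*|*'&'*|*'|'*|*'`'*|*'$'*|*'>'*|*'<'*) return 1 ;;
    esac
    # rsync passes the local path as the last word (paths without spaces)
    path=${cmd##* }
    case $path in
        *..*) return 1 ;;
        "$BACKUP_ROOT"|"$BACKUP_ROOT"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# When sshd invokes us with a forced command, enforce the policy and
# exec the real rsync; no eval, so the words are passed as plain arguments.
if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
    if allowed_rsync_command "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rsync-only: rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

Rejected attempts land in the sshd/auth log via the stderr line, which is the hook for alerting on a key being used for anything other than the backup.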