On Tue, Dec 16, 2008 at 10:10:32AM +0000, Brett Parker wrote:
On 16 Dec 09:55, Chris G wrote:
On Tue, Dec 16, 2008 at 09:25:43AM +0000, Brett Parker wrote:
On 15 Dec 23:32, Dan Hatton wrote:
On Mon, 15 Dec 2008, Chris G wrote:
As I said, it hardly matters, as the command that needs to work is a backup command, so anyone who can run the command can do just about anything they want - copy files, delete files, overwrite files, etc.
According to its manpage, super has the capability to restrict what arguments are given to a command as well as the command itself. I'm guessing sudo has similar functionality available, right?
Yes, indeed it does, but it becomes "interesting" to get the recipe right. The fact that the command option in ssh's authorized_keys is well documented, and there are many examples that show how to "safely" set up dirvish via it, not least of all: http://www.uno-code.com/?q=node/10
Now, as that limits the command to only what it trusts, i.e. only what is on the other machine in the authprogs.conf file... and stops *anything* else from running, i.e. there is no copy, delete or overwrite files... (also, sudo or super for firing off an rsync session is going to be a lot more complicated than just firing off the rsync session ;)
How do you back up files without copying them? :-)
Well, I suspect that it depends on your definition of copy... Now, as far as I'm concerned, what the rsync is actually doing on that end, i.e. the machine being backed up, is serving files, it's not copying anything... unless you count reading from disk to memory as a copy, or from memory to network as a copy... it's not writing anything to the local disk. So, err.
It's copying files from the 'remote' machine to 'this' machine; I have the backup running as a cron job on the system where the backups are stored. If that isn't 'copying files' then I don't know what is! :-)
The issue is that, as it is running with root privileges, it can copy *any* file it likes, including all the ssh public and private keys, so once you have them you have a pretty free hand to do what you want, don't you?
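
An added example, not from any poster in this thread nor from authprogs or dirvish: a wrapper for the `command=` option in `authorized_keys` that lets the backup key start only a read-only rsync pull. The wrapper path `/usr/local/sbin/backup-gate`, `ALLOWED_ROOT` and the `--numeric-ids` allowance are assumptions.

```shell
#!/bin/sh
# Forced-command gate for a backup key (added example; paths are assumptions).
# authorized_keys line on the machine being backed up, key material elided:
#   command="/usr/local/sbin/backup-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA... backup
LC_ALL=C
ALLOWED_ROOT="/home"        # assumption: only tree the backup server may pull

# Return 0 only for "rsync --server --sender <opts> . <paths under ALLOWED_ROOT>".
check_backup_command() {
    cmd=$1
    # Whitelist characters so nothing shell-special survives (spaces checked apart).
    case $(printf '%s' "$cmd" | tr -d ' ') in
        ''|*[!A-Za-z0-9./_,=-]*) return 1 ;;
    esac
    set -f; set -- $cmd; set +f        # split on whitespace, no globbing
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    paths=0
    for arg in "$@"; do
        case $arg in
            --numeric-ids) ;;           # only long option allowed here
            --*) return 1 ;;            # e.g. --remove-source-files deletes on the sender
            -*|.) ;;                    # short option cluster, or rsync's "." placeholder
            *..*) return 1 ;;           # no climbing out of the allowed tree
            "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) paths=$((paths + 1)) ;;
            *) return 1 ;;
        esac
    done
    [ "$paths" -gt 0 ]
}

# Entry point when sshd runs this script as the forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_backup_command "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND     # word-split only; never passed to eval or sh -c
    fi
    echo "backup-gate: command rejected" >&2
    exit 1
fi
```

The gate limits which command the key can start; anything under the allowed tree is still readable by an rsync that runs as root.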