[Server-devel] Backup of user home

Raul Gutierrez Segales rgs at rieder.net.py
Tue Sep 15 01:12:24 EDT 2009 

On Mon, 2009-09-14 at 19:43 -0400, John Watlington wrote:
> You are correct.   Since your backup script by definition needs to  
> read ALL data,
> regardless of ownership or permissions, you will have to run it with  
> superuser
> priviledges.

Unless, if this isn't a huge security hole, we can relax permissions
(i.e. chmod -R g+r /library/users and reconfigure whatever creates users
backups with ownership SN:SN to use SN:wheel).

> 
> Why don't you consider using the rsync server, instead of invoking it  
> through a user ?
> 

What is the advantage of doing this instead of a pull using rsync
thourgh ssh as proposed by Rodolfo? That the rsync server would run as
root (hence we would have access to the whole filesystem)?


Raúl 


> John
> 
> 
> On Sep 14, 2009, at 3:26 PM, Rodolfo D. wrote:
> 
> > Hello:
> >
> > I'm working on a backup and restore feature for our schoolservers,  
> > and I got stuck on home directories of laptops
> >
> > The backup works like this.. based on the backup script provided by  
> > dsd, and also based on our specific features.. I placed all  
> > important data in a directory "/library/backup" (wich can later be  
> > tar, ziped, and in our case rsync-ed), and its being done by a cron  
> > job
> >
> > On a centralized backup server.. we have a script that PULLS the / 
> > library/backup of each server, so main configs are being saved  
> > without much hassle.. But when it comes to user directories, it  
> > lack permissions, because the /library/users/SN directory has no  
> > read permissions for others
> >
> > how would you recomend that we do this?
> >
> > My first thought was to simply just add recursive read permissions  
> > to the user folder.. but that doesn't take security in mind..  
> > perhaps there's another way
> >
> > for now our pull works like this:
> >
> > root at backupserver ~ $ rsync user at schoolserver:/library/backup/ / 
> > backup/schoolserver/backup/
> > root at backupserver ~ $ rsync user at schoolserver:/library/users/ / 
> > backup/schoolserver/users/
> >
> > root at backupserver ~ $ rsync user2 at schoolserver2:/library/backup/ / 
> > backup/schoolserver/backup/
> > root at backupserver ~ $ rsync user2 at schoolserver2:/library/users/ / 
> > backup/schoolserver/users/
> >
> > Doing a push as a cron job from the server was a second idea, but  
> > the backup server does "other" things so security in the backup  
> > server is very important
> >
> > Any ideas?
> >
> > cheers..
> >
> > -- 
> > Rodolfo
> >
> > _______________________________________________
> > Server-devel mailing list
> > Server-devel at lists.laptop.org
> > http://lists.laptop.org/listinfo/server-devel
> 
> _______________________________________________
> Server-devel mailing list
> Server-devel at lists.laptop.org
> http://lists.laptop.org/listinfo/server-devel
>

More information about the Server-devel mailing list