[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [rdiff-backup-users] Clarification of --restrict-update-only
From: |
Chris G |
Subject: |
Re: [rdiff-backup-users] Clarification of --restrict-update-only |
Date: |
Thu, 5 Feb 2009 14:10:12 +0000 |
User-agent: |
Mutt/1.5.17 (2007-11-01) |
On Thu, Feb 05, 2009 at 01:13:23PM +0000, Dominic wrote:
> Chris G wrote:
>>>
>>>> Anyway, back to the original point of my question, if I put:-
>>>>
>>>> Match User=bak
>>>> ForceCommand rdiff-backup --server --restrict-update-only /
>>>>
>>>> at the end of my sshd configuration on the backup server will it prevent
>>>> rdiff-backup doing anything but updates on any/every part of the
>>>> backup hierarchy?
>>>>
>>> From my reading of man page I think you are correct, but I suggest you
>>> accept the position of 'restrict-update-only Tester In Chief' and let us
>>> know how you get on! I would be interested to know if it causes any
>>> problems when comparing or recovering files (but I don't think it
>>> should). Can you use it when creating a new repository?
>> K, I'll add the extra parameter and see how it all goes.
> To get you started I did a list of rdiff-backup options below showing
> whether they should work okay when used on the rdiff-backup push client
> side with your proposed --restrict-update-only server-side restriction -
> 'Yes' means I think it should always work and 'No' means I think it might
> sometimes or always cause a failure depending on the situation.
>
> The ones I think most interesting are first whether new repositories can be
> created (logically yes, but does it work?), and second
> --check-destination-dir (and automatic fixing of a previous failed backup).
> Logically --check-destination-dir should work because the action that
> rdiff-backup takes in this case is not a security risk (it is only undoing
> a backup that has failed, and a malicious user cannot use it to remove
> valid backups), but as it involves deleting data on the server
> --restrict-update-only might prevent it. I guess the best way to find out
> for sure is to create a failed backup and try it...
>
Excellent, thank you for all this information.
> Some historic (Jun 2006) discussion here:
> http://www.nabble.com/-bug--16897--Security-Violation-on-first-increment-while-using-restrict-update-only-td4963925.html
>
> Dominic
>
> *??? [default], -b,* *--backup-mode (might be a problem creating new
> repositories?)*
>
> *Yes --calculate-average*
>
> *Yes --carbonfile*
>
> *??? --check-destination-dir (and **automatic fixing of a previous
> failed backup)*
>
> *Yes --compare**
>
> No *--create-full-path*
>
> Yes *--current-time* /seconds/
>
> Yes *--exclude**
>
> No *--force*
>
> Yes *--group-mapping-file* /filename/
>
> Yes *--include**
>
> Yes *--list**
>
> Yes *--max-file-size* /size/
>
> Yes *--min-file-size* /size/
>
> Yes *--never-drop-acls*
>
> Yes *--no-**
>
> Yes *--null-separator*
>
> Yes *--parsable-output*
>
> Yes *--override-chars-to-quote*
>
> Yes *--preserve-numerical-ids*
>
> Yes *--print-statistics*
>
> Yes *-r,* *--restore-as-of* /restore/*_*/time/
>
> Yes *--remote-schema* /schema/
>
> No *--remote-tempdir* /path/ (workaround: add --tempdir to
> ForceCommand in sshd_config?)
>
> No *--remove-older-than* /time/*_*/spec/
>
> N/A *--restrict* /path/
>
> N/A *--restrict-read-only* /path/
>
> N/A *--restrict-update-only* /path/
>
> N/A *--server*
>
> Yes *--ssh-no-compression*
>
> Yes *--tempdir* /path/
>
> Yes *--terminal-verbosity* /[0-9]/
>
> Yes *--test-server*
>
> Yes *--use-compatible-timestamps*
>
> Yes *--user-mapping-file* /filename/
>
> Yes *-v*/[0-9]/*,* *--verbosity* /[0-9]/
>
> Yes *--verify**
>
> Yes *-V,* *--version*
>
>
>
>
> _______________________________________________
> rdiff-backup-users mailing list at address@hidden
> http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
> Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
>
--
Chris Green
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, (continued)
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Dimi Paun, 2009/02/04
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Chris G, 2009/02/05
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Chris G, 2009/02/05
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Dominic, 2009/02/05
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Chris G, 2009/02/05
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Dominic, 2009/02/05
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Dominic, 2009/02/05
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Andrew Ferguson, 2009/02/05
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Chris G, 2009/02/05
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Dominic, 2009/02/05
- Re: [rdiff-backup-users] Clarification of --restrict-update-only,
Chris G <=
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Dominic, 2009/02/05
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Chris G, 2009/02/05
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Chris G, 2009/02/05