[Dirvish] Permissions and access

Jon Radel jon at radel.com
Thu Jun 9 12:27:24 PDT 2005


Nathan Hunsperger wrote:
> In my setup, my backup server is much more secure than my backed-up
> servers, so logging into the other servers as root isn't a problem.
> However, if you are really concerned about this, you could set up an
> account on your main server (with uid 0), but that has a restricted
> shell.  This would allow you to only allow the specific commands Dirvish
> needs to run (rsync with options, and your post-client / pre-client
> commands), and deny everything else.  Note:  I haven't done this, but it
> should work (tm).  I eventually want to go down this route myself, as it
> is implicitly more secure.

You don't even need another UID=0 account to do this; there are various 
restrictions that you can tie to the certificate you use in ssh.  I 
routinely use no-pty to keep the certificate from being particularly 
useful for interactive logins.  Various forced command schemes could be 
even more restrictive and secure.  There are good examples in the 
O'Reilly book on ssh.

Also, I'll note as an aside, that I can think of no reason that a push 
from main server to backup server with rsync over ssh scheme wouldn't 
work, it's just that that wouldn't be dirvish as currently written anymore.

--Jon Radel
jon at radel.com
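
The key restrictions and forced command described in this message, as an added example that is not part of the original post. It assumes the backup server pulls with rsync over ssh; the wrapper path, the `is_allowed_command` name and the `authorized_keys` entry are constructed for illustration.

```shell
#!/bin/sh
# Forced-command wrapper for a pull-only backup key (hypothetical install
# path: /usr/local/sbin/rsync-backup-only). Constructed authorized_keys entry
# for root on the backed-up client; the key itself is a placeholder:
#
#   command="/usr/local/sbin/rsync-backup-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY> dirvish@backup
#
# sshd runs this script whatever the client requested and passes the
# requested command line in SSH_ORIGINAL_COMMAND.

# Return 0 only for an rsync server invocation that sends files (read-only).
is_allowed_command() {
    cmd=$1
    case $cmd in
        # Character allowlist: quotes, separators, pipes, newlines are refused.
        *[!A-Za-z0-9\ ./_=,:@%+-]*) return 1 ;;
        # A sender can still delete what it sent; refuse those options.
        *" --remove-"*) return 1 ;;
        "rsync --server --sender "*) return 0 ;;
    esac
    return 1
}

if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_command "$SSH_ORIGINAL_COMMAND"; then
        set -f                      # no globbing when the line is split
        exec $SSH_ORIGINAL_COMMAND  # unquoted on purpose: split into argv
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
# No command requested (interactive login attempt): fall through and exit.
```

Pre-client and post-client commands are not covered by this wrapper and would need their own allowlist entries. The rsync distribution also ships an `rrsync` script that restricts a key in a similar way.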

