[Dirvish] Inotify triggered backup
Bernd Haug
haug at berndhaug.net
Fri Feb 8 03:34:33 UTC 2008
Red Mop wrote:
> The idea here is that I don't want to leave all of my computers on all the
> time. So when they boot up, or if they happen to be on, once per day, it
> creates a file on the server via ssh. The server, having detected this file
> via inotify, then immediately proceeds to back up the server. This cuts down
> on the error messages cron sends me, and also allows for simultaneous
> backups.
Now I get you, cool.
But IMO, you kinda do that bass-ackwards.
Why not just do the following:
(1) [on the server] just make the user that triggers the backup via file
diddling a NOPASSWD sudoer for the exact command lines for all the
vaults (somebody else already posted how to do single vaults).
DON'T just make the whole dirvish commands sudoable without specifying
each of the parameter sets because then any parameter may be used for
sudo, and future bugs may make you vulnerable to malicious command lines
from local logins as that user.
---
(2) [on the server] write a script that takes no parameters and does
both tasks for that vault, with the sudo commands you configured.
You don't need parameters because you can read the hostname (which
defines the vault(s) to run) from the SSH_CLIENT variable. Now enforce
running that script, and that script only, in the key that allows the
user to login to the server in the first place. While you're at it,
disallow forwarding, X...maybe inhibit vt allocation. The necessary docs
for authorized_keys are in the manpage of sshd. This way you're secure
but still only need to manage one key in that place.
For distributing a new private key in case a client gets subverted, see
capistrano or cfengine.
---
(3) [on the clients] call that script via ssh at boot right after
starting sshd instead of just creating a file on the server. The backup
runs right then and you need neither polling nor inotify magic, which
makes it more portable; with the measures above, it should also be at
least as secure.
---
Also, please get your posting in order. Your top-posting was annoying
and you changed that; thanks. But now I see newlines between all the
lines in your posts, and I see your bottom-posts in a different font
than all the others - have you turned on HTML by mistake? If you did it
intentionally, it was still a mistake, if you catch my drift.
Finally, you should limit the key that allows the server to log back
into the client for backups to the exact rsync commandline that's run on
that specific machine (see the sshd logs), in the same way as you
limited the key to notify to start the backup.
Yours, Bernd
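
The setup from steps (1) to (3) above, sketched as an added example that is not part of the original post or of Dirvish. The user name, paths, vault names and addresses are constructed assumptions, and because sshd puts the client's address (not its hostname) in SSH_CLIENT, the script maps addresses to vaults and runs a single dirvish command per vault.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the backup-trigger key.
# Assumed names: user "backuptrigger", install path /usr/local/sbin/dirvish-trigger,
# dirvish at /usr/sbin/dirvish, vaults "laptop1"/"desktop1", constructed addresses.
#
# ~backuptrigger/.ssh/authorized_keys (one line; the key itself is a placeholder):
#   command="/usr/local/sbin/dirvish-trigger",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <client public key>
#
# /etc/sudoers.d/dirvish-trigger (exact command lines only, no wildcards):
#   backuptrigger ALL=(root) NOPASSWD: /usr/sbin/dirvish --vault laptop1
#   backuptrigger ALL=(root) NOPASSWD: /usr/sbin/dirvish --vault desktop1

# Map the connecting address (first field of SSH_CLIENT) to a vault name.
# Prints the vault and returns 0, or returns 1 for unknown or empty input.
vault_for_client() {
    addr=${1%% *}
    case $addr in
        192.0.2.10) echo laptop1 ;;
        192.0.2.11) echo desktop1 ;;
        *) return 1 ;;
    esac
}

# Build the one command line that sudoers permits for this client.
backup_command() {
    vault=$(vault_for_client "$1") || return 1
    echo "sudo -n /usr/sbin/dirvish --vault $vault"
}

# Act only when invoked under the installed name, so the functions above
# can be sourced and checked without starting a backup.
case ${0##*/} in
    dirvish-trigger)
        # The script takes no parameters: whatever the client asked to run
        # (SSH_ORIGINAL_COMMAND) is never read.
        cmd=$(backup_command "${SSH_CLIENT:-}") || {
            echo "no vault configured for client '${SSH_CLIENT:-}'" >&2
            exit 1
        }
        # Word splitting is safe here: $cmd is built only from the fixed table.
        exec $cmd
        ;;
esac
```

With this in place a client triggers its backup with a plain `ssh backuptrigger@server` at boot; sudo's `-n` makes a missing or mismatched sudoers entry fail immediately instead of prompting.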