[Box Backup] Network failure
Ben Summers
boxbackup@fluffy.co.uk
Mon, 7 Feb 2005 09:38:51 +0000
On 7 Feb 2005, at 09:26, Mr R G Shepherd wrote:
> Ben Summers wrote:
>> Simply use the normal UNIX file permission system to restrict access
>> to the key and certificates files. Then they won't be able to log in,
>> and even if they did, they wouldn't be able to decrypt the data.
>> The supplied bbackupd-config script will limit these files to the
>> user who runs the script. This is usually root, as root privileges
>> are required to read all files (unless you have lots of fun with
>> groups).
>> Ben
>
> Forgive my ignorance, I have not yet had a chance to install and play
> with boxbackup. Soon though :)
>
> The method you state above: will this not disable backup also? I only
> want to limit restore... :)
As long as bbackupd can access the certs and keys, then it will be able
to back up data. This method does rely on users not having root access
to the machines they use, otherwise they could access the keys
themselves.
If they do have root access, then a simple one line change to bbstored
could disable restoration. You'd need to kill the daemon and start the
unpatched one to restore.
Ben