[Box Backup] Box Backup on Rails - Part 2

Stefan Norlin boxbackup@fluffy.co.uk
Tue, 20 Mar 2007 16:26:55 +0100

> As a suggestion, it should be configurable to recover to a) origional 
> location b) new location c) download locally.  Also it would be great if 
> it could have some user rights controls.  For example, I would love it if 
> users could only restore files that they had write permission's on (that 
> my not be possible). Finally I would like to see it send an admin an email 
> whenever files are restored... At least that way we can determine if 
> someone is restoring files they shouldn't be.

I would say only "c" is feasible, since all requests are executed by the
web server which should not run as root and therefore could not restore
files into any other location than "/tmp"...

When you say that you will backup the web server, then the client part
of Box Backup will need to be installed there and so the keys and 
will be there, but hopefully only readable by root.

So, if you run "Box Backup on Rails" on the box backup server with only
internal access it may not be a big problem with storing key and 
in the database. Also, then you have the possibility of accessing more than
one box backup account within the same web interface.

Letting people only restore files they own is not possible, I think. I do
not thinl the username is stored in the archive and the "if writable" part
does not seem possible.