It was hypothetical. I never backup ;-) You always end up with copies of old software ;-)
Kind regards, The out-side Op 9 feb. 2013 om 21:41 heeft Sašo Kiselkov <[email protected]> het volgende geschreven: > On 02/09/2013 08:55 PM, Roel_D wrote: >> Just a question out of interest: >> >> Let's say you put root's directory to another zfs dataset. >> This dataset has been backupped to an USB stick. > > Hang on, you don't encrypt your back ups? Seriously? No offense dude, > but if you did that at my place, you'd find yourself in serious trouble > really soon. > >> I find it (the USB) and I take it to a new OI server and try to >> import it. This will work since it is not encrypted. > > Who in their right mind does backups to removable media unencrypted? > >> On the new server i am root with a new/different password. Since i >> am root, i can open the old root directory and read its bash history. >> Voila. I know all things from the old admin. > > You already committed so many capital crimes in systems administration > that you just deserved what is coming. In order, your crimes were: > > 1) You've used tools which record sensitive data into your .bash_history > (Ever wonder why security-aware tools never take passwords as > command-line arguments? That's why.) > > 2) You neglected to encrypt your backups to removable media. Big no-no. > > 3) You didn't handle backup media with the care they deserve (encrypted > or not, backups are among the most sensitive data an organization can > have) and misplaced them where they can be easily picked up by an > attacker. > > So by this time, everything that happens to your systems is already > karma. Plus, all of this works regardless of whether /root is on a > separate dataset or not! (I use duplicity backup on my Linux laptop.) > > Cheers, > -- > Saso > > _______________________________________________ > OpenIndiana-discuss mailing list > [email protected] > http://openindiana.org/mailman/listinfo/openindiana-discuss _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
