I'm using rdiff-backup to backup files across a LAN. The destination
machine has a dedicated backup account which has passwordless ssh
login set up for client machines that want to do backups.
To make things a bit more secure I have added the following to my
sshd_config on the destination/backup machine:-
Match User=bak
ForceCommand rdiff-backup --server
So far so good. I can backup as required but it's not possible to
login to the bak account using ssh. I'd like to lock it down a bit
further by using the --restrict-update-only option so that if an
intruder did gain access to a client machine they wouldn't be able to
remove anything useful from the backups by deleting or overwriting.
However I'm not quite clear how --restrict-update-only works, can I
just do something like:-
Match User=bak
ForceCommand rdiff-backup --server --restrict-update-only /
and thus prevent anything other than updates for *all* backups?
--
Chris Green
_______________________________________________
rdiff-backup-users mailing list at [email protected]
http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
