Anyway, back to the original point of my question, if I put:-
Match User=bak
ForceCommand rdiff-backup --server --restrict-update-only /
at the end of my sshd configuration on the backup server will it prevent
rdiff-backup doing anything but updates on any/every part of the
backup hierarchy?
I know the "ForceCommand rdiff-backup --server" bit works, attempts to
log in to the backup server using ssh to the bak account fail. Thus
the only thing an intruder can do from a client machine using the
passwordless bak account is to run rdiff-backup. If I can further
restrict it to minimise the possibility of deleting useful data then
so much the better, I just want to clarify how the restrict-update-only
works.
--
Chris Green
_______________________________________________
rdiff-backup-users mailing list at [email protected]
http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
