Date: Mon, 10 Dec 2001 16:41:30 -0700
From: Randy Smith <randys@amigo.net>
To: Marc Rassbach <marc@milestonerdl.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Rsync, ssh and using root.
Message-ID: <200112102348.fBANmG182366@smtp1.amigo.net>
In-Reply-To: <Pine.BSF.4.21.0112101218390.1117-100000@tandem.milestonerdl.com>
References: <Pine.BSF.4.21.0112101218390.1117-100000@tandem.milestonerdl.com>

On Monday 10 December 2001 11:33, you wrote:
>
> What I am looking for is a way to have root-level privileges for
> reading/writing files between servers as the lo-tech solution they want
> for the 'server backup' is moving files once a day.

Another option, though not nearly as much fun to set up, is to use NFS+IPSec+rsync. It goes something like this:

- Set up a read-only mount from the main machine (Box A) using NFS. You will, of course, restrict access to this to the IP address of the other machine (Box B).

- Set up IPSec between the boxes to prevent IP spoofing and to provide the encryption. (I use static keys to avoid the stability problems with racoon. (They may not exist anymore but racoon had issues when I was looking into this the first time.))

- On Box B, mount the NFS directory and then rsync from that to wherever it needs to be.
  (bash# rsync -a --delete /path/to/boxa/nfs /path/to/local/location)

This avoids the problems with SSH and root access but may lead to other problems that I am not aware of.

One good thing about this is that restoring to the other machine is reasonably easy. Remount boxa:/nfs/dir as read-write and then reverse the paths in the rsync command above.

Others may be able to point out any problems/improvements that exist with this plan.

Good luck.

--
Randy Smith
Amigo.Net Systems Administrator
1-719-589-6100 x 4185
http://www.amigo.net/
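
Added example, not part of the original message: a guard for the rsync --delete step on Box B, because running that step while the NFS mount is absent mirrors an empty mount point and deletes the local copy. The marker file name, the RSYNC override and the paths passed on the command line are assumptions made for this sketch.

```shell
#!/bin/sh
# Guarded pull for Box B (added example; names below are assumptions).

MARKER=".backup-source"     # hypothetical file created once inside Box A's export
RSYNC="${RSYNC:-rsync}"     # overridable so the guard can be exercised without rsync

# Succeeds only when SRC looks like the mounted Box A export.
source_ready() {
    src=$1
    [ -d "$src" ] || { echo "source $src is not a directory" >&2; return 1; }
    # The marker lives on Box A, so it is visible only while the NFS mount is up.
    # A bare, unmounted mount point has no marker and is rejected here.
    [ -f "$src/$MARKER" ] || { echo "marker missing in $src, is NFS mounted?" >&2; return 1; }
    return 0
}

# Refuses destinations where --delete would be catastrophic or meaningless.
dest_sane() {
    case "$1" in
        ""|/) echo "refusing destination '$1'" >&2; return 1 ;;
    esac
    [ -d "$1" ] || { echo "destination $1 is not a directory" >&2; return 1; }
    return 0
}

# Returns 2 if the source is not ready, 3 if the destination is unsafe,
# otherwise the exit status of rsync.
pull_backup() {
    src=$1 dst=$2
    source_ready "$src" || return 2
    dest_sane "$dst" || return 3
    # Trailing slashes: mirror the contents of src into dst.
    "$RSYNC" -a --delete "$src/" "$dst/"
}

# Stand-alone use: sh pull.sh /path/to/boxa/nfs /path/to/local/location
if [ "$#" -eq 2 ]; then
    pull_backup "$1" "$2"
fi
```

For the restore direction described in the message, the same guard applies with the paths reversed and the marker placed in the local copy instead.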