Date:      Tue, 12 Dec 2006 14:38:55 -0800
From:      James Long <list@museum.rain.com>
To:        freebsd-questions@freebsd.org, arun@dasmax.com
Subject:   RE: FreeBSD Backup
Message-ID:  <20061212223854.GA26718@ns.umpquanet.com>
In-Reply-To: <20061212214525.2C68D16A5A2@hub.freebsd.org>
References:  <20061212214525.2C68D16A5A2@hub.freebsd.org>

> Date: Tue, 12 Dec 2006 07:05:18 -0800 (PST)
> From: probsd org <probsdorg@yahoo.com>
> Subject: RE: FreeBSD Backup
> To: freebsd-questions@freebsd.org
> Message-ID: <20061212150519.65264.qmail@web52409.mail.yahoo.com>
> Content-Type: text/plain; charset=iso-8859-1
> 
> This is assuming you have another account on another freebsd/linux box with a significant amount of space. Works great on a live filesystem. I use /, /var, /tmp, and /usr as examples.
>    
>   dump -L -0f - /usr | ssh -C login@other-freebsd-server "cat > /usr/home/login/usr.dump"
>   dump -L -0f - /tmp | ssh -C login@other-freebsd-server "cat > /usr/home/login/tmp.dump"
>   dump -L -0f - /var | ssh -C login@other-freebsd-server "cat > /usr/home/login/var.dump"
>   dump -L -0f - / | ssh -C login@other-freebsd-server "cat > /usr/home/login/root.dump"

Watch your umask when doing stuff like the above.  If /usr/home/login 
is world-readable (or group-readable), and your umask permits 
world-readable files, then all your secure chown root / chmod 600 
files are suddenly world readable to any rogueuser that can 
"cp /usr/home/login/root.dump ~rogueuser/".

I prefer to explicitly set the umask:

dump -L -0f - / | ssh -i ~root/.ssh/special_backup_dsa_key \
  login@other-freebsd-server "umask 177; cat > /usr/home/login/root.dump"

One could/should of course also "chmod 700 /usr/home/login"
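
The umask effect described in the message above, as an added example that is not part of the original e-mail. The helper names (`receive_dump`, `mode_of`, `exposed_dumps`) are hypothetical and the dump stream is constructed sample data; the last case goes one step beyond the message by showing that umask only applies when the file is created.

```shell
#!/bin/sh
# Added example: the receiving shell's umask decides the mode of a file
# created by "cat > file". Runs locally; no ssh or dump(8) is needed.

# mode_of FILE: print the 10-character mode string, e.g. -rw-------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# receive_dump UMASK FILE: stand-in for the remote half of the pipeline,
# i.e. what ssh would run as "umask NNN; cat > FILE". Reads stdin.
receive_dump() {
    ( umask "$1"; cat > "$2" )
}

# exposed_dumps DIR: list *.dump files that group or other can read.
exposed_dumps() {
    find "$1" -type f -name '*.dump' \( -perm -040 -o -perm -004 \) -print
}

demo() {
    dir=$(mktemp -d) || return 1
    sample='constructed sample data standing in for a dump stream'

    # Typical default umask: the new file is readable by everyone.
    printf '%s\n' "$sample" | receive_dump 022 "$dir/usr.dump"
    # Explicit umask 177: the new file is created owner read/write only.
    printf '%s\n' "$sample" | receive_dump 177 "$dir/root.dump"
    # A file that already exists keeps its old mode when it is
    # overwritten, even under umask 177, so old dumps need a chmod.
    printf '%s\n' "$sample" | receive_dump 022 "$dir/var.dump"
    printf '%s\n' "$sample" | receive_dump 177 "$dir/var.dump"

    for f in "$dir"/*.dump; do
        printf '%s  %s\n' "$(mode_of "$f")" "${f##*/}"
    done
    echo "readable by group or other:"
    exposed_dumps "$dir"
    rm -rf "$dir"
}

demo
```

Running `exposed_dumps` against the real backup directory on the receiving host reports dumps that were written before the umask was tightened.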
