duplicity-talk

Re: [Duplicity-talk] security issues


From: Ben Escoto
Subject: Re: [Duplicity-talk] security issues
Date: Sat, 4 Jan 2003 22:31:49 -0800
User-agent: Mutt/1.4i

On Sat, Jan 04, 2003 at 01:26:43PM -0600, Rob Browning wrote:
> I'm trying to think through the security issues involved when using
> duplicity to back up to a remote machine via ssh or scp.  Ideally I'd
> like to provide very limited access on the target machine, and such a
> facility might be really helpful when trying to convince someone else
> to host your backups.
        ...
> One alternative might be to add a new transport, say agent:, and with
> a target-side command, duplicity-agent, that was specifically designed
> for use via "command=/usr/bin/duplicity-agent".  duplicity-agent would
> be very careful to only allow the operations that duplicity requires
> for backup and restore operations, to use chroot if appropriate, to
> sterilize its environment, etc.

Why not just ask for a chrooted ssh environment, with only access to
ls and possibly rm?  (Can scp be chrooted?  I thought it worked
through the ssh system, so chrooting one would chroot the other?)  It
seems unlikely that the host system's admin wouldn't trust you to have
an account, but would trust some obscure 'duplicity-agent' tool which
you are recommending. :)


-- 
Ben Escoto
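
The restricted target-side command proposed in the quoted message, sketched as an added example (not code from this thread or from duplicity): a filter meant to be installed through `command=` in authorized_keys that vets sshd's `SSH_ORIGINAL_COMMAND`. The function names, the backup root path and the allowed set (ls, rm and single-file scp, taken from the commands mentioned above) are assumptions.

```python
import os
import shlex

BACKUP_ROOT = "/srv/backups/client1"  # assumed location, not from the thread

def confine(path, root=BACKUP_ROOT):
    """Return path as an absolute path under root, or None if it escapes."""
    full = os.path.normpath(os.path.join(root, path))
    if full == root or full.startswith(root + os.sep):
        return full
    return None

def vet_command(original, root=BACKUP_ROOT):
    """Map SSH_ORIGINAL_COMMAND to an argv that is safe to exec without a
    shell, or return None to refuse the request."""
    try:
        argv = shlex.split(original or "")
    except ValueError:
        return None                       # unbalanced quotes
    if not argv:
        return None                       # no command means an interactive login
    prog, args = argv[0], argv[1:]
    if prog == "scp":
        # Only sink (-t) and source (-f) mode with one path; other flags are refused.
        if len(args) != 2 or args[0] not in ("-t", "-f"):
            return None
        flags, paths = [args[0]], args[1:]
    elif prog == "ls":
        flags, paths = [], args or ["."]
    elif prog == "rm" and args:
        flags, paths = [], args
    else:
        return None
    # Every argument becomes an absolute path under root, so a client-supplied
    # "-rf" reaches rm as a file name, never as an option.
    # normpath does not resolve symlinks; a chroot covers that case.
    confined = [confine(p, root) for p in paths]
    if None in confined:
        return None
    if prog == "rm" and root in confined:
        return None                       # never remove the backup root itself
    return [prog] + flags + confined

if __name__ == "__main__":
    import sys
    argv = vet_command(os.environ.get("SSH_ORIGINAL_COMMAND"))
    if argv is None:
        sys.exit("refused")
    os.execvp(argv[0], argv)              # exec directly, no shell involved
```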
