Re: [rdiff-backup-users] Clarification of --restrict-update-only


From: Dominic
Subject: Re: [rdiff-backup-users] Clarification of --restrict-update-only
Date: Thu, 05 Feb 2009 13:13:23 +0000
User-agent: Thunderbird 2.0.0.19 (Windows/20081209)

Chris G wrote:

Anyway, back to the original point of my question, if I put:-

    Match User=bak
    ForceCommand rdiff-backup --server --restrict-update-only /

at the end of my sshd configuration on the backup server will it prevent
rdiff-backup doing anything but updates on any/every part of the
backup hierarchy?

From my reading of the man page I think you are correct, but I suggest you accept the position of 'restrict-update-only Tester In Chief' and let us know how you get on! I would be interested to know if it causes any problems when comparing or recovering files (but I don't think it should). Can you use it when creating a new repository?

K, I'll add the extra parameter and see how it all goes.

To get you started I did a list of rdiff-backup options below showing whether they should work okay when used on the rdiff-backup push client side with your proposed --restrict-update-only server-side restriction - 'Yes' means I think it should always work and 'No' means I think it might sometimes or always cause a failure depending on the situation.

The ones I think most interesting are first whether new repositories can be created (logically yes, but does it work?), and second --check-destination-dir (and automatic fixing of a previous failed backup). Logically --check-destination-dir should work because the action that rdiff-backup takes in this case is not a security risk (it is only undoing a backup that has failed, and a malicious user cannot use it to remove valid backups), but as it involves deleting data on the server --restrict-update-only might prevent it. I guess the best way to find out for sure is to create a failed backup and try it...

Some historic (Jun 2006) discussion here: http://www.nabble.com/-bug--16897--Security-Violation-on-first-increment-while-using-restrict-update-only-td4963925.html

Dominic

    ???   [default], -b, --backup-mode (might be a problem creating new repositories?)
    Yes   --calculate-average
    Yes   --carbonfile
    ???   --check-destination-dir (and automatic fixing of a previous failed backup)
    Yes   --compare*
    No    --create-full-path
    Yes   --current-time seconds
    Yes   --exclude*
    No    --force
    Yes   --group-mapping-file filename
    Yes   --include*
    Yes   --list*
    Yes   --max-file-size size
    Yes   --min-file-size size
    Yes   --never-drop-acls
    Yes   --no-*
    Yes   --null-separator
    Yes   --parsable-output
    Yes   --override-chars-to-quote
    Yes   --preserve-numerical-ids
    Yes   --print-statistics
    Yes   -r, --restore-as-of restore_time
    Yes   --remote-schema schema
    No    --remote-tempdir path (workaround: add --tempdir to ForceCommand in sshd_config?)
    No    --remove-older-than time_spec
    N/A   --restrict path
    N/A   --restrict-read-only path
    N/A   --restrict-update-only path
    N/A   --server
    Yes   --ssh-no-compression
    Yes   --tempdir path
    Yes   --terminal-verbosity [0-9]
    Yes   --test-server
    Yes   --use-compatible-timestamps
    Yes   --user-mapping-file filename
    Yes   -v[0-9], --verbosity [0-9]
    Yes   --verify*
    Yes   -V, --version
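
As a check on the server-side setup discussed in this thread, the following added example (not from the thread or from the rdiff-backup project) audits sshd_config text and reports whether a backup account is pinned to `rdiff-backup --server --restrict-update-only <path>` by a ForceCommand in a Match block. The function names and the sample configuration are constructed for illustration; the parser matches user names exactly (no sshd patterns or Include files) and assumes the first matching block's ForceCommand is the one that applies.

```python
import shlex

# Constructed sample: the Match block from the message plus an unrestricted one.
SAMPLE_SSHD_CONFIG = """\
PasswordAuthentication no
Match User=bak
    ForceCommand rdiff-backup --server --restrict-update-only /
Match User bak2
    ForceCommand rdiff-backup --server
"""

def parse_match_blocks(text):
    """Return [(criteria, settings)] for every Match block, in file order."""
    blocks, settings = [], None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword, arg = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            # Accept both "User bak" and the "User=bak" spelling used above.
            tokens = arg.replace("=", " ").split()
            criteria = {k.lower(): v for k, v in zip(tokens[0::2], tokens[1::2])}
            settings = {}
            blocks.append((criteria, settings))
        elif settings is not None:
            settings.setdefault(keyword, arg)  # keep the first value seen
    return blocks

def audit_backup_user(text, user, wanted="--restrict-update-only"):
    """Return a list of findings; an empty list means the account is pinned."""
    cmds = [s["forcecommand"] for c, s in parse_match_blocks(text)
            if user in c.get("user", "").split(",") and "forcecommand" in s]
    if not cmds:
        return [f"no ForceCommand in any Match block naming {user}"]
    argv = shlex.split(cmds[0])  # assumption: first matching block applies
    findings = []
    if not argv or argv[0].rsplit("/", 1)[-1] != "rdiff-backup":
        findings.append("ForceCommand does not run rdiff-backup")
    if "--server" not in argv:
        findings.append("--server missing")
    if wanted not in argv:
        findings.append(f"{wanted} missing")
    elif argv.index(wanted) + 1 >= len(argv) or argv[argv.index(wanted) + 1].startswith("-"):
        findings.append(f"{wanted} has no path argument")
    return findings

if __name__ == "__main__":
    for account in ("bak", "bak2", "nobody"):
        print(account, audit_backup_user(SAMPLE_SSHD_CONFIG, account))
```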