Excluding directories, on the server side?

Posted by Anonymous 
March 02, 2004 08:47AM
Hi!

I back up most of my servers using rdiff-backup over ssh, where the
servers have a /root/.ssh/authorized_keys of the following format:

command="rdiff-backup --server" ssh-rsa <rest of key>

On the "client" (i.e., the backup server), I then use a REMOTE_SCHEMA
to access the servers. I also specify exclusions on the "client" side
(i.e. on the backup server), for example that /proc should not be
backed up.

Now I have a new server where parts of the filesystem contain stuff
that should not be contained anywhere else than on just that
server. I still want to take backups of the server. I'd like a way to specify
on the server that "the directory /secure may not be transferred to
the backup server using rdiff-backup".

I can, of course, specify on the backup server that /secure should not
be transferred, but what if someone breaks into my backup server, but
not into my "secure" server (they will have different root passwords)?
Then he/she can just change the excludes-list on the backup server and
get the information he/she wants.

Can you see the idea? Is this possible with the current rdiff-backup?
Does it sound like a decent thing, or just security-by-obscurity?

A Networker-like behaviour, where rdiff-backup checks if there is a
.rdiff-excludes file present in each directory before backing it up
would solve this. (Networker reads .nsr files, where you can specify
for example that subdirectories foo, bar and gaz should be skipped). I
think I've spoken about this before, but I don't remember what the
response to the idea was (perhaps just "Oh, nice, please implement!"
:-) ).

EF
--
Erik Forsberg Telephone: +46-13-21 46 00
Cendio AB Web: http://www.cendio.com
March 02, 2004 10:54PM
Erik Forsberg wrote:
[quote]for example that subdirectories foo, bar and gaz should be skipped). I
think I've spoken about this before, but I don't remember what the
response to the idea was (perhaps just "Oh, nice, please implement!"
:-) ).
[/quote]
Well, aside from that obvious suggestion :) maybe you should look at
duplicity? It's rdiff-backup with encryption, so it solves your security
concerns in a more useful and powerful way...

dave