[lug] Backup system ideas

Lee Woodworth blug-mail at duboulder.com
Thu May 26 20:28:32 MDT 2005


Ben Luey wrote:
> I've been looking at dirvish, (thanks for the info) and it looks really
> cool as a backup system. I'm wondering about security, though: the howto
> suggests using ssh keys so the backup computer can login to the main
> computer *as root* without a password and then you can cron the dirvish
> backup on the backup-computer. This strikes me as a bad idea since then if
> someone hacks the backup server, they have full access to the main server.
> Is there a way around this? I've been compressing my data on the main
> server to a file and rsyncing that file with a cron script, but the backup
> computer logs in (w/o password) as a very restricted user. If I create a
> dirvish user on the main server, that user has to have read access to
> everything I want to backup, which isn't trivial in my case. Can you set up
> dirvish to be pushed from the main server, instead of from the backup
> server, so then the server just needs an ssh key to someone with disk space
> on the backup computer?
Maybe you could reverse the rsync direction and drive it from the main server?
A break-in on the backup would only get the root public key which can't
be used for initiating an ssh connection.

Having ssh keys allows for other things as well, such as backing up a database
remotely (executed from the main server):
   ssh postgres@1.2.3.4 pg_dump -v --clean somedb \
     2> /backup/somedb.$YYMMDD.err | \
     gzip - > /backup/somedb.$YYMMDD.sql.gz
You also need some local commands to clean up old versions
of the error log and database.

> 
> Any ideas? I'd like to try it if I could trust it.
> 
> Thanks,
> 
> Ben
> 
> 
> 
>>Warren Sanders wrote:
>>
>>
>>>rsync! Here is a classy take on rsync: http://www.dirvish.org/
>>
>>Wow...
>>
>>I decided to give dirvish a whirl (pun intended!) on a couple of home
>>machines just to see how it did, and I'm impressed.
>>
>>That's really damn cool.
>>
>>I just decided to set up a cronjob for that and leave it running on the
>>internal big disk machine -- now it'll grab snapshots of the other two
>>boxes nightly.
>>
>>Slick.  We'll see how it handles errors and dumb stuff like machines
>>being off, etc... over time...
>>
>>Nate
> 
> 
> 
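
With the rsync direction reversed as suggested in the reply above, the backup server holds only the public key, but the main server's key can still log in to the backup account. The forced-command guard below for the backup server is an added example, not part of the original thread; it limits that key to rsync uploads into one directory. The script name, the `/backup/main` path and the key line are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical name: backup-push-guard), run on the BACKUP server.
# Assumed ~/.ssh/authorized_keys entry for the main server's push key:
#   restrict,command="/usr/local/bin/backup-push-guard" ssh-ed25519 <PLACEHOLDER-KEY> main-push
BACKUP_ROOT=${BACKUP_ROOT:-/backup/main}   # assumed destination directory
set -f                                     # never glob-expand client-supplied text

# check_push_cmd CMD ROOT -> 0 if CMD is an rsync *receive* into ROOT, else 1.
# A push arrives as: rsync --server <options> . <destination>
check_push_cmd() {
    cmd=$1
    root=${2%/}
    set -- $cmd                            # split on whitespace only (globbing is off)
    [ "$#" -ge 4 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    dest=
    for arg in "$@"; do
        case $arg in
            *[!A-Za-z0-9._/=,-]*) return 1 ;;  # quotes, ';', '$', '|', etc.
            --sender)             return 1 ;;  # would let the key read backups out
        esac
        dest=$arg                          # last word is the destination path
    done
    case $dest in
        *..*)              return 1 ;;     # no climbing out of ROOT
        "$root"|"$root"/*) return 0 ;;
    esac
    return 1
}

# Act only when sshd runs this script as the forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_push_cmd "$SSH_ORIGINAL_COMMAND" "$BACKUP_ROOT"; then
        exec $SSH_ORIGINAL_COMMAND         # validated words, no shell re-parse
    fi
    logger -t backup-push-guard "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

The check is purely textual, so a compromised main server can still overwrite or delete whatever lies under the destination directory; older snapshots should be kept outside it.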