Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
Rsnapshot - Rsyncrypto integration README ----------------------------------------- Suppose you want to use rsnapshot to backup host A onto host B's storage. The standard configurations all require a passwordless remote root ssh log-in, because rsnapshot really wants to be root on both the source and destination machines. There are facilities for limiting what the remote root can do, but the idea might still give you the heebie-jeebies. Here's an alternative solution: rsnapshot runs as root on host B, but pulls from host A as a non-root user. This user, by definition, can only succesfully backup world-readable (or group-readable for the right group) files. To facilitate backing up other files, a cron job on host A users rsyncrypto to make encrypted but publicly-readable versions of the non-world-readable files. The cyphertext copies are then backed up remotely by rsnapshot. Benefits: * No need for remote root log in anywhere * Host A can keep file contents secret from host B Disadvantages: * There's an extra step in restoring from rsnapshot: The snapshot contains the cyphertext, you have to use the rsyncrypto tools to recover the plain text. * You have to manage the rsyncrypto keys. If host A fully trusts host B, the keys can be backed up as part of rsnapshot's normal operation, but otherwise host A needs a separate key backup. It's not perfect, but it's a workable approach. User FOO's crontab: MAILTO="" # m h dom mon dow command 45 * * * * /home/FOO/bin/do-rsyncrypto.user Root's crontab: # m h dom mon dow command MAILTO="" 45 * * * * root /root/do-rsyncrypto The files do-rsyncrypto and do-rsyncrypto.user are part of this Git repository. They're just templates; your configuration will probably differ. There's one main gotcha with the rsyncrypto configuration: You must make sure that the cyphertext files are NOT included in rsyncrypto's backups, or else you'll have (exponentially many) encrypted backups of your encrypted backups of... -- Eric Anderson http://www.ece.cmu.edu/~andersoe/