Note: wilma admin has access to /home/* so root user must be trusted. If not trusted, then must use encryption on wilma for storage.<br><br><div class="gmail_quote">On Fri, Jan 13, 2012 at 11:51 AM, Jim Kinney <span dir="ltr"><<a href="mailto:jim.kinney@gmail.com">jim.kinney@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br><br><div class="gmail_quote"><div class="im">On Fri, Jan 13, 2012 at 9:36 AM, Tim Watts <span dir="ltr"><<a href="mailto:tim@cliftonfarm.org" target="_blank">tim@cliftonfarm.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Slick. but then how would you backup stuff that has narrow access<br>
like /etc/ssl/private for example ?<br></blockquote></div><div><br>Easy. The system being backed up has root access. The receiver machine provides storage, not root access. so root on fred goes to fredbak on wilma (the backup machine). wilma has /home/fredbak/<fred root tree as needed> <br>
</div><div><div class="h5"><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div><div><br>
<br>
On Thu, 2012-01-12 at 23:13 -0500, Jim Kinney wrote:<br>
> Create a backup user called <machine>bak for each machine and again on<br>
> the backup machine so it has individual bak accounts. Use ssh keys and<br>
> have each machine rsync to their own directory space. No more admin<br>
> peeking on backups.<br>
><br>
> On Jan 12, 2012 11:08 PM, "Wolf Halton" <<a href="mailto:wolf.halton@gmail.com" target="_blank">wolf.halton@gmail.com</a>> wrote:<br>
><br>
><br>
> On Tue, Dec 27, 2011 at 4:27 PM, Jim Kinney<br>
> <<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>> wrote:<br>
> I stand happily corrected!<br>
><br>
> old habits die hard. My first foray into rsync<br>
> required -e ssh and I guess I just glossed over<br>
> reading that it now the default. I've never used it on<br>
> a network where ssh was NOT in use :-)<br>
><br>
><br>
> On Tue, Dec 27, 2011 at 10:42 AM, Brian Mathis<br>
> <<a href="mailto:brian.mathis%2Bale@betteradmin.com" target="_blank">brian.mathis+ale@betteradmin.com</a>> wrote:<br>
> As of rsync 2.6 (1 Jan 2004)<br>
><br>
> <a href="http://rsync.samba.org/ftp/rsync/src/rsync-2.6.0-NEWS" target="_blank">http://rsync.samba.org/ftp/rsync/src/rsync-2.6.0-NEWS</a><br>
><br>
> The man page since then has said (under<br>
> SETUP):<br>
> For remote transfers, a modern rsync uses<br>
> ssh for its communications [1]<br>
> and the -e section says:<br>
> Typically, rsync is configured to use ssh<br>
> by default<br>
><br>
> -e can come in handy if you want to pass other<br>
> options to ssh, such as<br>
> changing the port or encryption cipher.<br>
><br>
><br>
> [1]<br>
> <a href="http://sunsite.ualberta.ca/Documentation/Misc/rsync-2.6.6/rsync.1.html#lbAF" target="_blank">http://sunsite.ualberta.ca/Documentation/Misc/rsync-2.6.6/rsync.1.html#lbAF</a><br>
><br>
> ❧ Brian Mathis<br>
><br>
><br>
> On Tue, Dec 27, 2011 at 10:15 AM, Jim Kinney<br>
> <<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>> wrote:<br>
> > Hmm. Someone needs to update the rsync man<br>
> pages to reflect -e default is<br>
> > ssh<br>
> ><br>
> > On Dec 27, 2011 10:12 AM, "Brian Mathis"<br>
> <<a href="mailto:brian.mathis%2Bale@betteradmin.com" target="_blank">brian.mathis+ale@betteradmin.com</a>><br>
> > wrote:<br>
> >> There's no need for the -e stuff for a long<br>
> time now. Rsync uses ssh<br>
> >> by default on all modern versions. You get<br>
> the same effect using the<br>
> >> simpler form of:<br>
> >><br>
> >> rsync -P file.to.transfer<br>
> username@remote.host:/path/store/file/<br>
> >><br>
> >> ❧ Brian Mathis<br>
> >><br>
> >> On Mon, Dec 26, 2011 at 11:44 PM, James<br>
> Sumners <<a href="mailto:james.sumners@gmail.com" target="_blank">james.sumners@gmail.com</a>><br>
> >> wrote:<br>
> >> > XMPP is really not the right tool for<br>
> this. Rsync is what you want:<br>
> >> ><br>
> >> > $ rsync -P -e "ssh -l username"<br>
> file.to.transfer<br>
> >> > remote.host:/path/store/file/<br>
> >> ><br>
> >> > Where "username" is the SSH user you will<br>
> be using to transfer the file.<br>
> >> ><br>
> >> > On Monday, December 26, 2011, Wolf Halton<br>
> <<a href="mailto:wolf.halton@gmail.com" target="_blank">wolf.halton@gmail.com</a>> wrote:<br>
> >> >> What would be wrong with using xmpp as a<br>
> transfer protocol for moving<br>
> >> >> backups of tarred files? I have used scp<br>
> for this purpose, but if the<br>
> >> >> tunnel<br>
> >> >> is broken, the file is corrupted. From<br>
> what I have been reading, if a<br>
> >> >> session drops in xmpp, it picks up where<br>
> it was dropped and continues.<br>
> >> >> I am<br>
> >> >> working inside a c-class private subnet.<br>
> >> >><br>
> >> >> <a href="http://sourcefreedom.com" target="_blank">http://sourcefreedom.com</a><br>
><br>
> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
><br>
><br>
><br>
><br>
><br>
> --<br>
> --<br>
> James P. Kinney III<br>
><br>
> As long as the general population is passive,<br>
> apathetic, diverted to consumerism or hatred of the<br>
> vulnerable, then the powerful can do as they please,<br>
> and those who survive will be left to contemplate the<br>
> outcome.<br>
> - 2011 Noam Chomsky<br>
><br>
> <a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br>
><br>
> Thanks for this string. It has helped me speed up my custom<br>
> back-up thing. I am using "rsync -av here there" and it is<br>
> doing great. I am using moosefs to mount storage on each<br>
> client and rsyncing from my collection point to the remote<br>
> server storage. This is far easier to sort out though it is<br>
> somewhat insecure, since each root user from each of the<br>
> machines can look at all of the tar-kives.<br>
><br>
> Wolf<br>
><br>
> --<br>
> This Apt Has Super Cow Powers - <a href="http://sourcefreedom.com" target="_blank">http://sourcefreedom.com</a><br>
> Advancing Libraries Together - <a href="http://LYRASIS.org" target="_blank">http://LYRASIS.org</a><br>
><br>
><br>
> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
><br>
> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br>
</div></div><br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div></div></div><div class="HOEnZb"><div class="h5"><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III<br><br>As long as the general population is passive, apathetic, diverted to
consumerism or hatred of the vulnerable, then the powerful can do as
they please, and those who survive will be left to contemplate the
outcome.<br>- <i><i><i><i>2011 Noam Chomsky<br><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III<br><br>As long as the general population is passive, apathetic, diverted to
consumerism or hatred of the vulnerable, then the powerful can do as
they please, and those who survive will be left to contemplate the
outcome.<br>- <i><i><i><i>2011 Noam Chomsky<br><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i><br>