On 11/13/11 13:03, Grant wrote:
> Then I could have the backup server pull that copy from each system
> without giving it root access to each system. Can I somehow have the
> correct ownerships for the backup saved in a separate file for use
> during a restore?
If you're intent on making a two-stage pull work, you can do it by creating a 'backups' user on your servers, and then using filesystem ACLs to grant backups+r to every file/directory you want to back up. That way, an attacker on the backup server can't decide to peruse the rest of your stuff.

The easiest method, though, is to just add a third stage. Either move the backups on the backup server to another directory after the backup job completes, or sync/burn/whatever them off-site. In this case the backup server can't access anything you don't give it, and the individual servers can't trash their backed-up data.
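The three pieces above (an unprivileged 'backups' user granted read via ACLs, a side file carrying the ownerships Grant asked about so a non-root copy can be restored correctly, and a third stage that moves finished backups out of the pull user's reach) as an added shell example. This is not code from the thread; it assumes GNU findutils (find -printf), the acl package (setfacl), a local user literally named 'backups', and the directory names used here are illustrative.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes GNU find (-printf),
# setfacl from the acl package, and a local user named 'backups'.

# Stage 1 (once, as root, on each server): let the unprivileged 'backups'
# user read the tree without adding it to any group or handing it root.
# rX = read, plus search on directories only (X never makes a file
# executable). The d: entry is a default ACL so files created later under
# each directory inherit the grant.
grant_backups_read() {
    tree=$1
    setfacl -R -m u:backups:rX "$tree" || return 1
    find "$tree" -type d -exec setfacl -m d:u:backups:rX {} + || return 1
}

# A copy made by 'backups' loses the original owner/group/mode, so record
# them in a side file that travels with the backup. Fields: user, group,
# octal mode, path relative to the tree (empty for the tree itself).
# -depth lists children before parents so a restore that tightens a
# directory's mode never locks itself out of that directory's contents.
record_meta() {
    tree=$1 out=$2
    find "$tree" -depth -printf '%u %g %m %P\n' > "$out"
}

# Re-apply recorded owner/group/mode under ROOT. chown to other users needs
# root; as an ordinary user only modes (and your own ownership) take effect.
# Prints the number of entries that could not be applied.
restore_meta() {
    meta=$1 root=$2 failed=0
    while IFS=' ' read -r u g m rel; do
        target="$root/$rel"
        chown "$u:$g" "$target" 2>/dev/null || failed=$((failed + 1))
        chmod "$m" "$target" 2>/dev/null || failed=$((failed + 1))
    done < "$meta"
    echo "$failed"
}

# Stage 3 (on the backup server, as root, after the pull job exits): move
# the finished set out of the directory the pull job can write into and
# into a vault only root can enter, so nothing reachable from the pull
# credentials (or from a compromised origin server) can trash old backups.
seal_backup() {
    incoming=$1 vault=$2 name=$3
    [ -d "$incoming/$name" ] || return 1
    mkdir -p "$vault" && chmod 700 "$vault" || return 1
    mv "$incoming/$name" "$vault/$name"
}

# Typical use on an origin server, before the backup server pulls:
#   grant_backups_read /srv/data
#   record_meta /srv/data /srv/data/.backup-meta
# and on the backup server, after the pull finishes:
#   seal_backup /backups/incoming /backups/vault host1-2011-11-13
```

The meta file is deliberately plain text so it survives being copied by any tool; on a real system the same job is usually done with getfacl -R / setfacl --restore, or by rsync's --fake-super, which stores owner and mode in xattrs when the receiving side is not root. The ACL grant is read-only by construction, so the worst an attacker on the backup server gets from the 'backups' credentials is a copy of exactly the trees you chose to expose, never a write path back into them.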