>> > You have to grant root rsync access to the backuppc user on the >> > server. >> >> Isn't that a gaping security hole? I think this amounts to granting >> the backup server root read access (and write access if you want to >> restore) on each client? > > How can you backup system files without root read access? You are granting > this to s specific user, one without a login shell, on the server.
If the backup server is infiltrated, the infiltrator would have root read access to each of the clients, correct? If the clients push to the backup server instead, their access on the server can be restricted to the backup directory. - Grant
