* Jacob Yocom-Piatt <[EMAIL PROTECTED]> [2006-08-12 18:06]:
> i have a script that runs on a single backup host and gathers dumps from other
> machines on the network by ssh-ing into them as root using pubkey
> authentication. allowing root access via ssh is, of course, not a good idea. is
> there an established method for keeping privileges lower when doing dumps, i.e.
> add a user who can dump and not using root to do this?

you don't need root to do backups, a member of group operator is
sufficient. we add a special backup user to each machine and restrict the
access via ssh key a fair little bit more, like

from="dodonna.bsws.de",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3.......

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
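
An added example, not part of the original post: a small Python check that parses `authorized_keys` entries and reports which of the restrictions shown in the reply are missing. The function names, the sample entries and the order-insensitive handling of the OpenSSH `restrict` keyword are assumptions of this example.

```python
# Added example: audit authorized_keys entries for the restrictions in the reply.
RESTRICTIONS = ("port-forwarding", "x11-forwarding", "agent-forwarding", "pty")
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")  # an entry starting with these has no options

def split_options(line):
    """Return the option tokens of one entry; quoted values may hold commas/spaces."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return []
    tokens, cur, in_quote, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quote and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 2      # escaped quote inside a value
            continue
        if c == '"':
            in_quote = not in_quote
        elif c == "," and not in_quote:
            tokens.append(cur)
            cur = ""
        elif c.isspace() and not in_quote:
            break                          # options field ends here
        else:
            cur += c
        i += 1
    return tokens + [cur]

def audit(line):
    """Return the sorted list of restrictions missing from one entry."""
    opts = {}
    for tok in split_options(line):
        name, _, value = tok.partition("=")
        opts[name.lower()] = value         # option keywords are case-insensitive
    missing = [] if opts.get("from") else ["from="]
    for r in RESTRICTIONS:
        # Assumption: "restrict" turns everything off; a bare "pty" etc. re-enables it.
        off = r not in opts if "restrict" in opts else "no-" + r in opts
        if not off:
            missing.append("no-" + r)
    return sorted(missing)

def audit_text(text):
    """Map line number -> missing restrictions, skipping blanks and comments."""
    return {n: m for n, l in enumerate(text.splitlines(), 1)
            if l.strip() and not l.lstrip().startswith("#") and (m := audit(l))}

if __name__ == "__main__":
    # Constructed sample file; key blobs are placeholders, not real keys.
    sample = ('from="dodonna.bsws.de",no-port-forwarding,no-x11-forwarding,'
              'no-agent-forwarding,no-pty ssh-rsa AAAAB3placeholder backup\n'
              'from="10.0.0.5,backup.example.org",no-pty ssh-rsa AAAAB3placeholder b\n'
              'ssh-rsa AAAAB3placeholder root@example\n')
    for lineno, missing in audit_text(sample).items():
        print(f"line {lineno}: missing {', '.join(missing)}")
```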