Re: Need advice on remote backups

["Taylor, ForrestX" <forrestx taylor intel com>]

Adrian Burd wrote:
> I have a need to set up a remote backup system and was wondering what
> is the best best way to do this.
>
> I've looked into the following, where 
>
>   machine1 = machine with the directories that need to be backed up
>   tape-machine = machine with tape drive attached
>
>  1) Set up so that the directories on machine1 are nfs mounted on
>     tape-machine and then do a normal tar, cpio, dump or whatever. The
>     problem with this seems to be maintaining security for the
>     files. By default, root on the tape-machine cannot access the user
>     files on machine1 so either
>    
>         a) one changes the default permissions on the files - a
>         solution I don't like since the tape-machine may be used by
>         others. 
>
>         b) change the permissions on the tape device /dev/st0 to allow
>         the humble user (me) to read/write to the tape. Are there any
>         problems with this?

c) add no_root_squash to the exports on machine1.  This has obvious 
security holes, but it will allow root on tape-machine to access files 
on machine1 with root permissions.

>  2) Set up to allow a remote dump from machine1 to the
>     tape-machine. I've set up a system like this before, but then the
>     whole network was behind a very secure firewall. I'd presumably
>     have to allow root to perform actions on the remote machine (using
>     rhosts) and that's something I'm a little loathe to do unless
>     there's a way to do it safely.

Instead of using rhosts/rsh/rcp, use the ssh equivalents (ssh, scp, 
sftp, ssh keys, etc.).  It is much more secure than rhosts.

Forrest
--