backup /home over sftp - root

My current task is to set up a (remote) backup (using rsync/rsnapshot) over sftp of /home (Linux). Obviously some files are read-only for the owner (i.e. -r-------- and should stay that way), so I guess I'll need the root user to back up those files. Setting up an rsync daemon also seems too insecure to me.

However, I do hesitate to use an ssh key for that purpose due to security concerns (if the backup server gets owned, the attacker will have direct shells to other servers). I was thinking of creating a backup user with chroot sftp (as suggested in "Chroot SFTP - Possible to allow user to write to current (chroot) directory"), but I guess I'd cripple my root user as I would lose shell access :(.

What setup would you suggest?

djdomi: It depends on how you want to use it most. I could think of a scenario where you could use a single user for each user with its own key, and then copy via cron job on the main server to the correct destination.

ropchain: That would work technically; however, this solution would not scale (i.e. create a lot of manual effort and maintenance) as I'd have lots of keys and lots of crontab edits.

djdomi: Well, on one side you will need to have a root shell. On the other side, you can have just one user for all, in different subdirectories.

djdomi: Does this answer your question? [Limited SSH access for log retrieval](https://serverfault.com/questions/507878/limited-ssh-access-for-log-retrieval)