Another thing that I've used for secure backups of small numbers of files (config files usually): cron a script that tar's up the files that you want to backup, then gpg encrypts the tar file using your (or someone's public key), then emails the gpg encrypted file to yourself. Robert Simmons Systems Administrator http://www.wlcg.com/ On Fri, 31 Aug 2001, Kurt Seifried wrote:
Depends on how complicated your backups are. For example the client box tarball's it all up, one file to move, things are suddenly a lot different then maintaining a multi gigabyte file tree. Let's assume for a moment we're talking file trees with lots of different owners and perms, and no tarballs. Yes rsync needs to run as root on the server, to set file perms/etc, this can be somewhat mitigated by chroot'ing it (probably will be ok, but chroot can be broken out of by root, so some buffer overflow in rsync with a hostile client might be bad news). Basically any backup software will have to run as root to set file perms, setuid/setgid bits, yadayada (kernel capabilities and whatnot aside). Hopefully that software was built with this in mind and supports some nice controls (like only write/read files in /foo/backups/*).
Kurt