From owner-freebsd-questions@FreeBSD.ORG Fri Oct 29 14:19:33 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6090416A4CE for ; Fri, 29 Oct 2004 14:19:33 +0000 (GMT) Received: from ei.bzerk.org (ei.xs4all.nl [213.84.67.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6F43643D31 for ; Fri, 29 Oct 2004 14:19:32 +0000 (GMT) (envelope-from mail25@bzerk.org) Received: from ei.bzerk.org (BOFH@localhost [127.0.0.1]) by ei.bzerk.org (8.13.1/8.13.1) with ESMTP id i9TEKg2E015017; Fri, 29 Oct 2004 16:20:42 +0200 (CEST) (envelope-from mail25@bzerk.org) Received: (from bulk@localhost) by ei.bzerk.org (8.13.1/8.13.1/Submit) id i9TEKgWP015016; Fri, 29 Oct 2004 16:20:42 +0200 (CEST) (envelope-from mail25@bzerk.org) Date: Fri, 29 Oct 2004 16:20:42 +0200 From: Ruben de Groot To: Gabriel Ambuehl Message-ID: <20041029142042.GA14912@ei.bzerk.org> References: <689835538.20041029142356@buz.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <689835538.20041029142356@buz.ch> User-Agent: Mutt/1.4.2.1i X-Spam-Status: No, score=-2.3 required=5.0 tests=ALL_TRUSTED, FROM_ENDS_IN_NUMS autolearn=failed version=3.0.0 X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on ei.bzerk.org cc: questions@freebsd.org Subject: Re: Read only access to ALL files? Or: how do I safely backup the complete system to an offsite machine? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Oct 2004 14:19:33 -0000 On Fri, Oct 29, 2004 at 02:23:56PM +0200, Gabriel Ambuehl typed: > Hi, > I'm wondering if there is any way to have read only access to the whole > system for an user on STABLE (I have some ideas how to achieve it on > CURRENT but I don't consider that ready for production use just now)? > > Specifically, I want to be able to ssh in from the backup server and > fetch all files with rsync without having to give the backup server > full root access to all other machines (for obvious reasons). > > There's obviously a hack involving NFS and read only/maproot=root > but seeing that the backup server is offsite, I have to use ssh for > transport and would rather not resort to VPN hackery... > > Or maybe someone knows of a rsync version that is safe to be run a > suid root as it won't ever change anything on the filesystem? Users in the group "operators" have read-only access to the raw disk-devices in /dev. These devices are used by dump(8). All other backup strategies (tar, cpio, rsync, ..) work on the filesystem itself rather than the underlying device and will need root access. Ruben