From owner-freebsd-questions Mon Jan 12 12:31:03 1998
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id MAA25275 for questions-outgoing; Mon, 12 Jan 1998 12:31:03 -0800 (PST) (envelope-from owner-freebsd-questions)
Received: from plains.NoDak.edu (tinguely@plains.NoDak.edu [134.129.111.64]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA25249 for ; Mon, 12 Jan 1998 12:30:43 -0800 (PST) (envelope-from tinguely@plains.NoDak.edu)
Received: (from tinguely@localhost) by plains.NoDak.edu (8.8.8/8.8.8) id OAA21370; Mon, 12 Jan 1998 14:29:56 -0600 (CST)
Date: Mon, 12 Jan 1998 14:29:56 -0600 (CST)
From: Mark Tinguely
Message-Id: <199801122029.OAA21370@plains.NoDak.edu>
To: dlr@insane.asylum.org, questions@FreeBSD.ORG
Subject: Re: Remote dump
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> As I look into this more it seems like an increased security risk. Is there
> another way of doing it? I have one 8mm exabyte tape drive and would like to
> backup three freebsd boxes without totally leaving the network wide open. I've
> got sshd and tcp_wrappers installed and working also. Perhaps the best solution
> would be to have each machine have its own backup...

I use a separate non-privileged account and group (remtape) on the tape server and backup clients. The remtape account on all machines has an invalid password ("*" in the password field in the file master.passwd). I changed the permissions on /sbin/rdump to be set-uid to root and ONLY executable by root and the remtape group (setting the uid to root opens a security hole, so restrict this to remtape). Change the ownership of /etc/dumpdates to remtape.remtape. The raw devices that need to be backed up are readable by the remtape group.

If you want to tighten the security holes, a person can limit the lifetime of the .rhosts files (listed below), put a restricted shell on remtape, or put a network wrapper on the remote shell facility.

The remtape account on each client machine has the .rhosts entry of:

    tape_server.domain remtape

On the tape server machine, the .rhosts for remtape is available for the time of the backup (cron just before running the backup from cron). This could be done on the clients as well.

The advantage of using a non-privileged account over rhost-ed root accounts is if for some reason someone does compromise your remtape account they could at worst read your drives, but they can't trash your system (unless they crack your /etc/master.passwd passwords after, but then you could argue they could snoop the net while backup was in progress and do the same thing).

--mark.
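
An audit check for the remtape .rhosts file described in the message above, as an added example that is not part of the original post. The function names are hypothetical, and treating only mode 600 or 400 as acceptable is an assumption of this example.

```shell
#!/bin/sh
# Added example: verify that a .rhosts file trusts exactly one host/user pair.
# file_mode and audit_rhosts are hypothetical helper names.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# audit_rhosts FILE HOST USER
# Returns 0 only if FILE exists, is private to its owner, and contains the
# single entry "HOST USER". Prints one line per problem found.
audit_rhosts() {
    file=$1 want_host=$2 want_user=$3 bad=0 seen=0

    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 1
    fi

    # Assumption: the file should be readable and writable by its owner only.
    mode=$(file_mode "$file")
    case $mode in
        600|400) ;;
        *) echo "mode $mode on $file, expected 600"; bad=1 ;;
    esac

    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r host user extra || [ -n "$host" ]; do
        case $host in '') continue ;; esac
        if [ "$host" = "$want_host" ] && [ "$user" = "$want_user" ] \
            && [ -z "$extra" ]; then
            seen=1
        else
            # Catches "+" wildcards, host-only lines and any other host or user.
            echo "unexpected entry: $host $user $extra"
            bad=1
        fi
    done < "$file"

    [ "$seen" -eq 1 ] || { echo "no entry for $want_host $want_user"; bad=1; }
    return "$bad"
}

# Usage (run as root or as remtape; the path is an assumption):
#   audit_rhosts /home/remtape/.rhosts tape_server.domain remtape
```

Run from cron on each client, a non-zero exit flags a .rhosts file that has been widened beyond the single tape-server entry.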