Date: Tue, 12 Dec 2006 14:38:55 -0800
From: James Long
To: freebsd-questions@freebsd.org, arun@dasmax.com
Subject: RE: FreeBSD Backup
Message-ID: <20061212223854.GA26718@ns.umpquanet.com>
In-Reply-To: <20061212214525.2C68D16A5A2@hub.freebsd.org>

> Date: Tue, 12 Dec 2006 07:05:18 -0800 (PST)
> From: probsd org
> Subject: RE: FreeBSD Backup
>
> This is assuming you have another account on another freebsd/linux box with a significant amount of space. Works great on a live filesystem. I use /, /var, /tmp, and /usr as examples.
>
> dump -L -0f - /usr | ssh -C login@other-freebsd-server "cat > /usr/home/login/usr.dump"
> dump -L -0f - /tmp | ssh -C login@other-freebsd-server "cat > /usr/home/login/tmp.dump"
> dump -L -0f - /var | ssh -C login@other-freebsd-server "cat > /usr/home/login/var.dump"
> dump -L -0f - / | ssh -C login@other-freebsd-server "cat > /usr/home/login/root.dump"

Watch your umask when doing stuff like the above. If /usr/home/login is world-readable (or group-readable), and your umask permits world-readable files, then all your secure chown root / chmod 600 files are suddenly world readable to any rogueuser that can "cp /usr/home/login/root.dump ~rogueuser/".

I prefer to explicitly set the umask:

dump -L -0f - / | ssh -i ~root/.ssh/special_backup_dsa_key \
    login@other-freebsd-server "umask 177; cat > /usr/home/login/root.dump"

One could/should of course also "chmod 700 /usr/home/login"
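
The umask effect described in the message above, as an added example that is not part of the original post: it writes a stand-in dump file under a 022 umask and under "umask 177", then audits the resulting modes. The function names, file names and temporary directory are constructed, and the example goes one step beyond the message by showing that the umask does not change the mode of a dump file that already exists.

```sh
#!/bin/sh
# Added example: function names, file names and the stand-in data are constructed.

# Octal permission bits of a file (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Remote side of the pipe, "umask MASK; cat > FILE", run in a subshell.
receive() {
    ( umask "$1"; cat > "$2" )
}

# umask only applies when a file is created, so a dump left over from an
# earlier run keeps its old mode when overwritten. Writing a new file and
# renaming it over the old one avoids that.
receive_replace() {
    ( umask 177; cat > "$1.new" && mv -f "$1.new" "$1" )
}

# Print dump files in a directory that group or other can access.
# Returns 1 if any are found, 0 otherwise.
audit_dumps() {
    found=0
    for f in "$1"/*.dump; do
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        if [ $(( 0$m & 077 )) -ne 0 ]; then
            echo "EXPOSED mode=$m $f"
            found=1
        fi
    done
    return "$found"
}

demo() {
    d=$(mktemp -d) || return 1
    echo data | receive 022 "$d/default.dump"      # plain "cat >" under 022
    echo data | receive 177 "$d/fresh.dump"        # explicit umask, new file
    echo data | receive 022 "$d/stale.dump"        # left by an earlier run
    echo data | receive 177 "$d/stale.dump"        # overwrite keeps old mode
    echo data | receive 022 "$d/replaced.dump"
    echo data | receive_replace "$d/replaced.dump" # new file, then rename
    audit_dumps "$d" || echo "audit: exposed dump files found"
    rm -rf "$d"
}
demo
```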