Login or Register to Ask a Question and Join Our Community


Cybersecurity

Permissions for Backup user to rsync files

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Permissions for Backup user to rsync files
# 1  
Old 04-05-2011
Permissions for Backup user to rsync files
I've got a new MythTV box at home and figured it would be a great opportunity to use it to do daily mirrors of my mysqlbackup directory (let's say /mysqlbackup/backups) and my website at /usr/local/apache/htdocs and below.

I figured it would be a best practice NOT to use a root login but to create a user (say dhebackup). The Myth box would rsync in as that user.

I'm not 100% up on permissions (way lower!) so I'm wondering if I need to do anything permission-wise, group-wise, etc. to give the backup user access to those dirs and sub dirs only without affecting any of the other users (root, apache, etc) that would need access to those dirs.

Thanks for any pointers.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

Command to change add permissions for a new user to all files in all subfolders and folders

Hi there! I'm new to Unix and haven't done command line stuff since MS-Dos and Turbo Pascal (hah!), I would love some help figuring out this basic command (what I assume is basic). I'd like to add a User to the permissions of all files in a folder and all files in all subfolders, as well... (9 Replies)
Discussion started by: Janjbrt
9 Replies

2. UNIX for Dummies Questions & Answers

Backup solution using rsync

Hello All, I am looking at a fast way to script some backups. I am looking at using rsync to do the leg work. I am having a hard time conceiving a script though. I have a tree with subfolders within subfolders. I was looking at the /xd option to parse the tree. Directory of k:\ ... (4 Replies)
Discussion started by: jvamos
4 Replies

3. Shell Programming and Scripting

Rsync better use for backup

Hello, I have a list of working directory in a remote computer acesssible through ssh and the same directory structure in my home directory of my laptop. I sometimes work on both my laptop and my this other computer. I usually use Rsync this way to synchronize files rsync... (5 Replies)
Discussion started by: ajayram
5 Replies

4. Linux

Default user:group permissions while creating files and directories

Hi, I am working on setup a environment where only a specific user can upload the builds on htdocs of apache. Now i want that a specific user can copy the builds on htdocs folder. I created a group "deploy" and assign user1 and user2 to this group. On Apache side i mentioned User=deploy... (3 Replies)
Discussion started by: sunnysthakur
3 Replies

5. AIX

rsync backup root files

Hi, I am trying to use rsync utility through ssh to synchronize some root files of 2 servers. I have a rsyncusr user in each server. I configured ssh with no password. I set NOPASSWD in the /etc/sudoers file: rsyncusr ALL= NOPASSWD:/usr/bin/rsync In order to make rsync able to sudo and be... (2 Replies)
Discussion started by: samalogo
2 Replies

6. Shell Programming and Scripting

rsync backup mode(--backup) Are there any options to remove backup folders on successful deployment?

Hi Everyone, we are running rsync with --backup mode, Are there any rsync options to remove backup folders on successful deployment? Thanks in adv. (0 Replies)
Discussion started by: MVEERA
0 Replies

7. Shell Programming and Scripting

Rsync backup

How do i use Rsync yo pickup only new or modified files from source? I am using rsync -ravzpotu --delete-excluded but sometimes it goes thru all files again (5 Replies)
Discussion started by: sprool
5 Replies

8. Shell Programming and Scripting

Does rsync has option to backup only new updates files on different dir

Hi I would like to ask if rsync has an option of backing up the new or updated files on different destination dir( only the new or updated files will be copied to the a different dir) just like option --backup-dir but this is for backup files. Thanks for any response. (1 Reply)
Discussion started by: jao_madn
1 Replies

9. OS X (Apple)

rsync is changing permissions

I have the following command. This is meant to download all files from my server to the Downloads folder of my startup drive: /usr/local/bin/rsync -avve ssh --numeric-ids --delete --ignore-errors -R grndlvl@myserver.com:/usr/home/./grndlvl grndlvl@myserver.com:/usr/home/./grndlvl/mail_boxes/... (8 Replies)
Discussion started by: rlinsurf
8 Replies

10. HP-UX

FTP user files permissions problems!!!

Hi, I have a problem with my ftp accounts whereby if any external ftp party connects to our server and puts any file in a directory on our server. The file permissons are always -rw-r----- and no read for others. I have adjusted the ftp user .profile to include 'umask 022' but this only works... (3 Replies)
Discussion started by: budrito
3 Replies
Login or Register to Ask a Question

LEARN ABOUT NETBSD

security.conf

SECURITY.CONF(5)					      BSD File Formats Manual						  SECURITY.CONF(5)

NAME

     security.conf -- daily security check configuration file

DESCRIPTION

     The security.conf file specifies which of the standard /etc/security services are performed.  The /etc/security script is run, by default,
     every night from /etc/daily, on a NetBSD system, if configured do to so from /etc/daily.conf.

     The variables described below can be set to "NO" to disable the test:

     check_passwd		This checks the /etc/master.passwd file for inconsistencies.

     check_group		This checks the /etc/group file for inconsistencies.

     check_rootdotfiles 	This checks the root users startup files for sane settings of $PATH and umask.	This test is not fail safe and any
				warning generated from this should be checked for correctness.

     check_ftpusers		This checks that the correct users are in the /etc/ftpusers file.

     check_aliases		This checks for security problems in the /etc/mail/aliases file.  For backward compatibility, /etc/aliases will be
				checked as well if exists.

     check_rhosts		This checks for system and user rhosts files with "+" in them.

     check_homes		This checks that home directories are owned by the correct user, and have appropriate permissions.

     check_varmail		This checks that the correct user owns mail in /var/mail, and that the mail box has the right permissions.

     check_nfs			This checks that the /etc/exports file does not export filesystems to the world.

     check_devices		This checks for changes to devices and setuid files.

     check_mtree		This runs mtree(8) to ensure that the system is installed correctly.  The following configuration files are
				checked:

				/etc/mtree/special
				      Default files to check.

				/etc/mtree/special.local
				      Local site additions and overrides.

				/etc/mtree/DIR.secure
				      Specification for the directory DIR.

     check_disklabels		Backup text copies of the disklabels of available disk drives into /var/backups/work/disklabel.XXX, and display
				any differences in those and the previous copies as per check_changelist below.  If fdisk(8) is available on the
				current platform, the output of /sbin/fdisk for each available disk drive is stored in
				/var/backups/work/fdisk.XXX, and any differences displayed as per the disklabels.

     check_pkgs 		This stores a list of all installed pkgs into /var/backups/work/pkgs and checks it for any changes.

     check_changelist		This determines a list of files from the contents of /etc/changelist, and the output of mtree -D for
				/etc/mtree/special and /etc/mtree/special.local.  For each file in the list it compares the files with their back-
				ups in /var/backups/file.current and /var/backups/file.backup, and displays any differences found.  The following
				mtree(8) tags modify how files are determined from /etc/mtree/special and /etc/mtree/special.local:

				      exclude  The entry is ignored; no backups are made and the differences are not displayed.  This includes
					       dynamic or binary files such as /var/run/utmp.

				      nodiff   The entry is backed up but the differences are not displayed because the contents of the file are
					       sensitive.  This includes files such as /etc/master.passwd.

     check_pkg_vulnerabilities	Checks the currently installed packages against a database of known vulnerabilities and reports those that are
				vulnerable.  Check the fetch_pkg_vulnerabilities setting in daily.conf(5) to keep the database up to date.

     check_pkg_signatures	Checks the digital signature of all files installed by packages against the expected values stored in the packages
				database.

     The variables described below can be set to modify the tests:

     check_homes_permit_usergroups
		    During the check_homes phase, allow the checked files to be group-writable if the group name is the same as the username.

     check_devices_ignore_fstypes
		    Lists filesystem types to ignore during the check_devices phase.  Prefixing the type with a '!' inverts the match.	For exam-
		    ple, 'procfs !local' will ignore 'procfs' type filesystems and filesystems that are not 'local'.

     check_devices_ignore_paths
		    Lists pathnames to ignore during the check_devices phase.  Prefixing the path with a '!' inverts the match.  For example,
		    '/tftp' will ignore paths under /tftp while '!/home' will ignore paths that are not under /home.

     check_mtree_follow_symlinks
		    During the check_mtree phase, instruct mtree to follow symbolic links.  Please note, this may cause the check_mtree phase to
		    report errors for entries for these symbolic links (i.e. of type=link in the mtree specification) as they will always appear
		    to be plain files for the purposes of the check.  /etc/mtree/special.local may be used to override the checks for the affected
		    links.

     check_passwd_nowarn_shells
		    If check_passwd is enabled, most warnings will be suppressed for entries whose shells are listed in this space-separated list.
		    This is of particular value when those shells are not in /etc/shells.

     check_passwd_nowarn_users
		    If check_passwd is enabled, suppress warnings for these users.

     check_passwd_permit_nonalpha
		    If check_passwd is enabled, do not warn about login names which use non-alphanumeric characters.

     check_passwd_permit_star
		    If check_passwd is enabled, do not warn about password fields set to ``*''.  Note that the use of password fields such as
		    ``*ssh'' is encouraged, instead.

     max_grouplen   If check_group is enabled, this determines the maximum permitted length of group names.

     max_loginlen   If check_passwd is enabled, this determines the maximum permitted length of login names.

     backup_dir     Change the backup directory from /var/backup.

     diff_options   Specify the options passed to diff(1) when it is invoked to show changes made to system files.  Defaults to ``-u'', for uni-
		    fied-format context-diffs.

     pkgdb_dir	    DEPRECATED.  Please set PKGDB_DIR in pkg_install.conf(5) instead.

		    If defined, points to the location of the packages database.  Defaults to /var/db/pkg.

     backup_uses_rcs
		    Use rcs(1) for maintaining backup copies of files noted in check_devices, check_disklabels, check_pkgs, and check_changelist
		    instead of just keeping a current copy and a backup copy.

FILES

     /etc/defaults/security.conf  defaults for /etc/security.conf
     /etc/security		  daily security check script
     /etc/security.conf 	  daily security check configuration
     /etc/security.local	  local site additions to /etc/security

SEE ALSO

     daily.conf(5)

HISTORY

     The security.conf file appeared in NetBSD 1.3.  The check_disklabels functionality was added in NetBSD 1.4.  The backup_uses_rcs and
     check_pkgs features were added in NetBSD 1.6.  diff_options appeared in NetBSD 2.0; prior to that, traditional-format (context free) diffs
     were generated.

BSD
								 February 5, 2010							       BSD