[TriLUG] Automated file copy security question
Jason Tower
jason at cerient.net
Fri Oct 7 12:56:44 EDT 2005

for syncing data "pulling" is generally preferred to "pushing" since the
client share can be read only. even if your machine is compromised
nothing happens to the client.

or you can use rsyncd w/ auth and chroot the connection to a specific
directory on your server. it's a push method but no shell access and
chrooted rsync dir is pretty safe imho. that's how i do things.

jason

Ron Joffe wrote:
> Hey folks, got a question for anyone with some insight:
>
> I've got a number of customers spread out across the US. I want to copy a set
> of data (a file for this discussion) from each customer to my own server on a
> regular scheduled time.
>
> My main concern is security.
>
> I can easily set up an rsync job utilizing ssh that will take care of this
> issue. However my concern is this:
>
> If I do a "push" from client to my site, and the client server gets
> compromised, then my server may also be compromised. I know I can limit this
> by limiting the shell capabilities of the user on my server.
>
> If I do a "pull" from my site to my client, and my server gets compromised,
> then my client's server may also be compromised.
>
> Any suggestions, ideas, or methodologies?
>
> Thanks,
>
> Ron
>
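
An added example, not part of the original message or of anyone's actual setup: a sketch of an rsyncd.conf for the push arrangement described in the reply (rsync daemon with authentication, chrooted to one directory per customer, no shell account involved). Module names, paths, user names, the service account and the addresses are constructed placeholders.

```ini
# /etc/rsyncd.conf on the receiving server (constructed example).
# Comments must sit on their own lines: rsyncd treats a trailing '#'
# as part of the parameter value.

# Global settings, inherited by every module below.
# The daemon starts as root so it can chroot, then drops to this
# unprivileged account (hypothetical name) for the transfer itself.
uid = rsyncdrop
gid = rsyncdrop
# chroot into the module's path before any file is touched
use chroot = yes
# do not reveal module names to clients that ask for a listing
list = no
# refuse to use a secrets file that other users can read
strict modes = yes
secrets file = /etc/rsyncd.secrets
max connections = 4
log file = /var/log/rsyncd.log

# One module per customer, so a compromised customer host can only
# reach its own drop directory.
[customer-a]
    path = /srv/incoming/customer-a
    # uploads allowed (the "push") ...
    read only = no
    # ... but nothing already stored can be downloaded again
    write only = yes
    # only this rsync-level user (not a system account) may connect
    auth users = custa
    # placeholder address of customer A's server
    hosts allow = 192.0.2.10
    # a client may add or overwrite files but not request deletions
    refuse options = delete

[customer-b]
    path = /srv/incoming/customer-b
    read only = no
    write only = yes
    auth users = custb
    hosts allow = 198.51.100.20
    refuse options = delete
```

Each line of /etc/rsyncd.secrets has the form user:password, and the file should be mode 600 and owned by root. The rsync daemon protocol does not encrypt the transferred data, so a setup like this is normally run through a VPN or other encrypted tunnel when it crosses the Internet.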