[TriLUG] Automated file copy security question

Jason Tower jason at cerient.net
Fri Oct 7 12:56:44 EDT 2005


for syncing data "pulling" is generally preferred to "pushing" since the 
client share can be read only.  even if your machine is compromised 
nothing happens to the client.

or you can use rsyncd w/ auth and chroot the connection to a specific 
directory on your server.  it's a push method but no shell access and 
chrooted rsync dir is pretty safe imho.  that's how i do things.

jason

Ron Joffe wrote:
> Hey folks, got a question for anyone with some insight:
> 
> I've got a number of customers spread out across the US. I want to copy a set 
> of data (a file for this discussion) from each customer to my own server on a 
> regular scheduled time.
> 
> My main concern is security. 
> 
> I can easily set up an rsync job utilizing ssh that will take care of this 
> issue. However my concern is this:
> 
> If I do a "push" from client to my site, and the client server gets 
> compromised, then my server may also be compromised. I know I can limit this 
> by limiting the shell capabilities of the user on my server.
> 
> If I do a "pull" from my site to my client, and my server gets compromised, 
> then my client's server may also be compromised.
> 
> Any suggestions, ideas, or methodologies?
> 
> Thanks,
> 
> Ron
> 
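
The rsyncd setup described in the reply (authenticated module, chrooted to one directory, no shell account), as an added example that is not from the original thread or from any poster's actual configuration. The module name, user name, paths and address are placeholders, and the one-module-per-customer layout is an assumption.

```ini
# /etc/rsyncd.conf on the receiving server (constructed example).
# The daemon must be started as root for "use chroot" to take effect;
# transfers then run as the unprivileged uid/gid below, so the module
# path must be writable by that account.
uid = nobody
gid = nogroup
use chroot = yes
max connections = 4
log file = /var/log/rsyncd.log
transfer logging = yes

# One module per customer (assumption): a compromised client can only
# reach its own drop directory.
[customer-a]
    path = /srv/incoming/customer-a
    comment = drop directory for customer A
    # Push only: clients may upload but not download or list contents.
    read only = no
    write only = yes
    list = no
    # Challenge-response auth against user:password lines in the secrets
    # file. With strict modes on, the daemon rejects a secrets file that
    # is readable by other users.
    auth users = customer-a
    secrets file = /etc/rsyncd.secrets
    strict modes = yes
    # Placeholder address (documentation range); restrict to the
    # customer's real source address.
    hosts allow = 192.0.2.10
    # Refuse the delete options so a client cannot remove files that
    # were already received.
    refuse options = delete
```

The rsync daemon protocol authenticates the user but does not encrypt the transfer, so file contents cross the network in the clear unless the connection is wrapped in a tunnel.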


