Home / server / Questions / 443327
In Process
Frerich Raabe
Asked: 2012-10-30 03:22:40 +0800 CST

Should backups be owned by root:backup?

  • 772

I have a central backup server running Debian which holds backups of various other hosts in the network, stored in a structure like

/media/backup/imap
/media/backup/wiki

With imap and wiki being hosts on our network. Right now, all files beneath /media/backup are owned by root:backup with 0750 permissions. What's annoying about this is that

  1. Every member of the backup user group can read all backups, including those of sensitive data (say: mails).
  2. Right now one of the administrator accounts (jim@backup) is used for restoring the backups. It's annoying that this functionality is bound to a particular user.

Does this setup make sense? If it doesn't, what's a better approach for organizing backups? One solution I've been considering is to have different system users per host, so there's e.g. imap@backup and wiki@backup. The files beneath /media/backup/imap would then be owned by imap:imap with 0700 permissions.

debian

1 Answers

  1. Then use rdiff-backup. This keeps the permissions

    http://www.nongnu.org/rdiff-backup/features.html

    Preserves all information: Whether you restore from the mirror directory or from an earlier incremental backup, rdiff-backup will reproduce your files exactly as they were. Files >missing at the time of backup will also be missing after the restore. Files hard linked when >backed up will be hard linked after the restore. rdiff-backup also preserves permissions, >user and group ownership, modification time, device files, fifos, and symlinks.

    • 1