Server Backup

There are many ways to make a server backup, but we will use rsync (remote sync), bindfs, and rssh (restricted shell).

Create a backup user with restricted shell access

Install rssh:

apt list rssh
apt show rssh
apt install rssh

Create a user for backups that uses the restricted shell:

useradd apps_backup -m -s /usr/bin/rssh
ls -al /home/apps_backup/
grep apps_backup /etc/passwd

Edit /etc/rssh.conf to allow rsync and use a chroot jail for restricting access:
```
allowrsync
chrootpath = /home/apps_backup
```
Test that the shell of the user apps_backup is restricted:
```
su apps_backup
```

Create a read-only view of the parts of the filesystem that need to be backed up

Install bindfs:

apt list bindfs
apt show bindfs
apt install bindfs

Create mount directories:

mkdir -p /home/apps_backup/opt-scripts
mkdir -p /home/apps_backup/var-ds

Add these lines to /etc/fstab for mounting directories read-only:

/opt/docker-scripts /home/apps_backup/opt-scripts fuse.bindfs perms=0000:u=rD,force-user=apps_backup,force-group=nogroup 0 0
/var/ds /home/apps_backup/var-ds fuse.bindfs perms=0000:u=rD,force-user=apps_backup,force-group=nogroup 0 0

Mount them:

mount -a
ls -al /home/apps_backup/opt-scripts
ls -al /home/apps_backup/var-ds

Test that they are read-only:

sudo -u apps_backup ls -al /home/apps_backup/var-ds
sudo -u apps_backup touch /home/apps_backup/var-ds/test1.txt

References

http://jorgenmodin.net/index_html/how-to-create-a-read-only-view-of-files-to-back-up-with-e.g.-rsync

1.8 KiB Исходник Вина История

Server Backup

Create a backup user with restricted shell access

Create a read-only view of the parts of the filesystem that need to be backed up

References

1.8 KiB

Исходник Вина История