Hello,
I am going to be running an:
rsync -av --delete $source user@host:$destination
from one system to another.
The problem is, $destination is a variable given by a
script, and over time, many such rsync commands with
many such variables will be run.
I lay awake at night wondering what would happen if
someone plugged in a broken $destination, and my
nightly rsync proceeded to delete everything on the
destination ...
For instance, what if the destination is normally:
/home/users/joe
and someone has an extra (space) character, or
otherwise screws up the entry, and one night we run
with a destination of:
/
all of joe would get backed up, but everything else
would be --delete'd.
So my question is, is there any mechanism in the rsync
arguments that lets me explicitly tell it "don't start
below /home/users"
So no matter what the destination variable ends up
being (broken or not) the damage is restricted to
things inside of /home/users, and _no matter what_
there is no possibility of --delete'ing anything below
that ?
Comments ?
I have considered running a jail on the destination
and backing up to the jails IP instead of the actual
servers IP, but that seems unnecessarily complex. I
am hoping this can be done with normal rsync
arguments...
Thanks!
____________________________________________________________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search.
http://tools.search.yahoo.com/newsearch/category.php?category=shopping
On Fri, 2008-02-29 at 14:14 -0800, Juri Mianovich wrote:> So no matter what the destination variable ends up > being (broken or not) the damage is restricted to > things inside of /home/users, and _no matter what_ > there is no possibility of --delete'ing anything below > that ? > > I have considered running a jail on the destination > and backing up to the jails IP instead of the actual > servers IP, but that seems unnecessarily complex. I > am hoping this can be done with normal rsync > arguments...You could use either the "support/rrsync" script that comes in the rsync source package or an rsync daemon (see the rsyncd.conf(5) man page) to confine access to /home/users . Matt
On Fri, Feb 29, 2008 at 02:14:20PM -0800, Juri Mianovich wrote:> I lay awake at night wondering what would happen if > someone plugged in a broken $destination, and my > nightly rsync proceeded to delete everything on the > destination ...You can make your script validate the args before using them. E.g.: case "$destination" in *\ *) echo 'no spaces allowed'; exit 1 ;; /home/users/*) ;; # OK *) echo 'dest not in /home/users'; exit 1 ;; esac In rsync 3, you can use the --protect-args option to ensure that no space-splitting of filenames/dirnames accidentally happens (since it sends most of the args over the socket after the remote rsync starts). And, as Matt pointed out, using an rsync daemon module can also help. ..wayne..
Reasonably Related Threads
- Embedding com32 modules and ldlinux.sys into one file
- [PATCH AUTOSEL 5.1 028/186] drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration
- [PATCH AUTOSEL 5.0 026/173] drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration
- [PATCH AUTOSEL 4.19 021/141] drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration
- [PATCH AUTOSEL 4.14 18/99] drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration