diff options
author | bescoto <bescoto@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109> | 2004-06-06 19:00:07 +0000 |
---|---|---|
committer | bescoto <bescoto@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109> | 2004-06-06 19:00:07 +0000 |
commit | ebe116f4b14449236cdb0d9b5f0686b9c3ee1c9b (patch) | |
tree | 7ccba73dc6969ee6830f00da64acd69ecaf282bb | |
parent | f5098c739a8b2ee70003f5406bb32ac558709269 (diff) | |
download | rdiff-backup-ebe116f4b14449236cdb0d9b5f0686b9c3ee1c9b.tar.gz |
Mentioned --restrict options under remote operation
git-svn-id: http://svn.savannah.nongnu.org/svn/rdiff-backup/branches/r0-12@552 2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109
-rw-r--r-- | rdiff-backup/rdiff-backup.1 | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/rdiff-backup/rdiff-backup.1 b/rdiff-backup/rdiff-backup.1 index bb25317..189e412 100644 --- a/rdiff-backup/rdiff-backup.1 +++ b/rdiff-backup/rdiff-backup.1 @@ -525,6 +525,20 @@ that in this man page...). And finally, to include a literal % in the string specified by --remote-schema, quote it with another %, as in %%. +Although ssh itself may be secure, using rdiff-backup in the default +way presents some security risks. For instance if the server is run +as root, then an attacker who compromised the client could then use +rdiff-backup to overwrite arbitary server files by "backing up" over +them. Such a setup can be made more secure by using the sshd +configuration option +.B command="rdiff-backup --server" +possibly along with the +.B --restrict* +options to rdiff-backup. For more information, see the web page, the +wiki, and the entries for the +.B --restrict* +options on this man page. + .SH FILE SELECTION .B rdiff-backup supports file selection options similar to (but different from) |