diff options
author | bescoto <bescoto@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109> | 2004-06-06 18:57:38 +0000 |
---|---|---|
committer | bescoto <bescoto@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109> | 2004-06-06 18:57:38 +0000 |
commit | e231a924e40a37721ede15ba68d29ae7ea352854 (patch) | |
tree | 445d475b3eaa3384787ec40f64b3d1bfb5ddac22 | |
parent | 46fa1efb5620dfff72362926cb80e432c1f464da (diff) | |
download | rdiff-backup-e231a924e40a37721ede15ba68d29ae7ea352854.tar.gz |
Added mention of --restrict options to remote operation section
git-svn-id: http://svn.savannah.nongnu.org/svn/rdiff-backup/trunk@550 2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109
-rw-r--r-- | rdiff-backup/rdiff-backup.1 | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/rdiff-backup/rdiff-backup.1 b/rdiff-backup/rdiff-backup.1 index acab521..19db74a 100644 --- a/rdiff-backup/rdiff-backup.1 +++ b/rdiff-backup/rdiff-backup.1 @@ -520,6 +520,20 @@ that in this man page...). And finally, to include a literal % in the string specified by --remote-schema, quote it with another %, as in %%. +Although ssh itself may be secure, using rdiff-backup in the default +way presents some security risks. For instance if the server is run +as root, then an attacker who compromised the client could then use +rdiff-backup to overwrite arbitary server files by "backing up" over +them. Such a setup can be made more secure by using the sshd +configuration option +.B command="rdiff-backup --server" +possibly along with the +.B --restrict* +options to rdiff-backup. For more information, see the web page, the +wiki, and entries for the +.B --restrict* +options on this man page. + .SH FILE SELECTION .B rdiff-backup supports file selection options similar to (but different from) |