[ale] [ot] Xmpp, ejabberd question

mike at trausch.us mike at trausch.us
Fri Jan 13 09:43:38 EST 2012


On 01/12/2012 11:13 PM, Jim Kinney wrote:
> Create a backup user called <machine>bak for each machine and again on
> the backup machine so it has individual bak accounts. Use ssh keys and
> have each machine rsync to their own directory space. No more admin
> peeking on backups.

You could also multiplex jobs into a single user account, not dissimilar
to what gitosis does, such that you can use SSH keys to authenticate
against a single user account, and depending on the key, run a helper
script that works for that user and only grants privileges based on which
key was used to handle the authentication.  This also means that the backup
account on the server would not actually be used for any sort of shell
access, and it also means that you would be able to set up a "master key"
for the backup operator, so that the backup operator can actually
perform tasks that require access to all of the backups themselves.

	--- Mike

-- 
A man who reasons deliberately, manages it better after studying Logic
than he could before, if he is sincere about it and has common sense.
                                   --- Carveth Read, “Logic”
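
The per-key helper described in the message above, as an added example that is not part of the original post: each key in the shared account's authorized_keys carries a forced command naming its owner, and the helper confines that key's rsync to one directory. The script path, /srv/backups layout, MASTER label and push-only client policy are assumptions.

```python
"""Forced-command gate for one shared 'backup' account (added example).
Constructed authorized_keys lines, key material elided:
  command="/usr/local/bin/backup-gate web01",no-pty,no-port-forwarding ssh-ed25519 AAAA... web01
  command="/usr/local/bin/backup-gate MASTER",no-pty,no-port-forwarding ssh-ed25519 AAAA... operator
"""
import os, re, shlex, sys

BACKUP_ROOT = "/srv/backups"   # assumed layout: one directory per client
MASTER = "MASTER"              # assumed label for the operator's key
CLIENT_ID = re.compile(r"[a-z0-9][a-z0-9-]{0,62}")
SHORT_OPTS = re.compile(r"-[A-Za-z.]+")  # rsync's bundled flags, e.g. -logDtpre.iLsfxC

class Denied(Exception):
    pass

def build_argv(key_id, original_command):
    """Return the argv to exec for this key, or raise Denied."""
    if key_id != MASTER and not CLIENT_ID.fullmatch(key_id):
        raise Denied("bad key label")
    try:
        args = shlex.split(original_command or "")
    except ValueError:
        raise Denied("unparseable command")
    # Usual shape sent by an rsync client: rsync --server [--sender] <flags> . <path>
    if len(args) < 5 or args[:2] != ["rsync", "--server"]:
        raise Denied("only rsync --server is allowed")
    sender = args[2] == "--sender"          # --sender means the client is reading
    rest = args[3:] if sender else args[2:]
    if len(rest) != 3 or not SHORT_OPTS.fullmatch(rest[0]) or rest[1] != ".":
        raise Denied("unexpected rsync arguments")
    if sender and key_id != MASTER:
        raise Denied("client keys may only push")  # assumed policy
    # Client keys are confined to their own directory; the master key sees all.
    base = BACKUP_ROOT if key_id == MASTER else os.path.join(BACKUP_ROOT, key_id)
    target = os.path.normpath(os.path.join(base, rest[2].lstrip("/")))
    if target != base and not target.startswith(base + os.sep):
        raise Denied("path escapes " + base)
    return args[:-1] + [target]

def main():
    key_id = sys.argv[1] if len(sys.argv) > 1 else ""
    try:
        argv = build_argv(key_id, os.environ.get("SSH_ORIGINAL_COMMAND"))
    except Denied as err:
        sys.exit("backup-gate: denied: %s" % err)
    os.execvp(argv[0], argv)  # exec directly, no shell, so metacharacters stay inert

if __name__ == "__main__":
    main()
```

This checks only the command's shape and the destination path; it does not resolve symlinks already inside a client's directory. The rrsync script distributed with rsync does fuller option filtering for the same forced-command setup.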
