[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

limited keys (-r, -w), remote pruning



Greetings

Wondering If anyone could help me with a solution I'm hoping to get working.

The way I run tarsnap currently is in short that I have cron run daily 
backups. The same cron scripts (on the same machine) also prunes selected old 
archives, leaving me a backup history of suitable intervals.

For this I use "full" tarsnap keys, which is what I would like to avoid. What 
I instead would like is if I only needed to use limited keys, with read- and 
write permissions, but without the delete permission. That way a potential 
intruder at least wouldn't be able to ruin my backups.

As I still want to be able to prune selected intervals I will now have to that 
from another (more trusted) computer. Doing that puts the cache folder on he 
original backup machine out of sync, preventing me from doing any more backups 
on it until I have rebuild its cache folders.

Of course, to rebuild the cache I have to run --fsck, which requires a key 
with the delete permission, which is what I'm trying to avoid.

(Yes, one workaround is to rsync the cache folder from the prune machine to 
the machine being backed up. Still, that doesn't feel like a stable solution 
in the long run if you want your backups to continue automatically.)

Yes, that is my problem. Are there any solution I have missed?

cperciva: Or would it perhaps be possible to add an option to tarsnap, 
allowing the rebuild of a cache folder without having the delete permission? 
Merely working on the local cache folder wouldn't require anything else than a 
read permission against the tarsnap archives, would it?

// Andreas

Attachment: signature.asc
Description: This is a digitally signed message part.