Greetings Wondering If anyone could help me with a solution I'm hoping to get working. The way I run tarsnap currently is in short that I have cron run daily backups. The same cron scripts (on the same machine) also prunes selected old archives, leaving me a backup history of suitable intervals. For this I use "full" tarsnap keys, which is what I would like to avoid. What I instead would like is if I only needed to use limited keys, with read- and write permissions, but without the delete permission. That way a potential intruder at least wouldn't be able to ruin my backups. As I still want to be able to prune selected intervals I will now have to that from another (more trusted) computer. Doing that puts the cache folder on he original backup machine out of sync, preventing me from doing any more backups on it until I have rebuild its cache folders. Of course, to rebuild the cache I have to run --fsck, which requires a key with the delete permission, which is what I'm trying to avoid. (Yes, one workaround is to rsync the cache folder from the prune machine to the machine being backed up. Still, that doesn't feel like a stable solution in the long run if you want your backups to continue automatically.) Yes, that is my problem. Are there any solution I have missed? cperciva: Or would it perhaps be possible to add an option to tarsnap, allowing the rebuild of a cache folder without having the delete permission? Merely working on the local cache folder wouldn't require anything else than a read permission against the tarsnap archives, would it? // Andreas
Attachment:
signature.asc
Description: This is a digitally signed message part.