[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: fsck w/out delete privilege
Gleb Arshinov wrote:
> Any update on releasing this?
That's coming in tarsnap 1.0.27, which will be out Real Soon Now. Sorry
about the delay -- I've been working on back-end server performance and
the client code got stalled for a while.
> Alternately, what's the right process for copying cache from one
> machine to another? Is it safe to just copy cache directory over?
That's the most efficient way to do it even after --fsck is available
without the delete key. But I recommend only copying the cache *from*
the machine which has the delete key and not *to* that machine: The
cache has block reference counts, so theoretically an attacker on the
writing machine could reduce those values and cause tarsnap -d to delete
blocks which are still referenced (thereby breaking archives).
> The setup is machine public with read/write key, and private machine
> with full key. Public machine does backups. You then do fsck on
> private machine, delete some backups and need to restore cache on
> public.
Yep, makes sense.
--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid