
Re: Newbie question about "machines"



On 06/22/11 17:34, Stuart Campbell wrote:
> I don't quite understand the concept of "machine" as passed to the
> tarsnap-keygen command. Is it just a human-readable key name for
> auditing purposes?

Yes.  In hindsight I should probably have called it "key nickname" rather
than "machine name".

> Are archives created by one machine accessible by another machine for
> the same user account?

Each set of keys you generate has a separate archive space.

> I guess my real question is: what's the correct way to provide a
> read/create key to one computer, and a "full" (read/write/delete/nuke)
> key to another computer, for the same set of archives?

You can create a key file using tarsnap-keygen and then create a restricted
key from that using tarsnap-keymgmt.

However, *create and delete operations need an up-to-date cache directory*, so
you won't be able to perform create/delete operations on both systems unless
you run 'tarsnap --fsck' in between to reconstruct the cache directory.  (The
cache directory tells tarsnap which bits are on the server, and if one machine
uploads or deletes something then the other machine needs to figure out what
happened so that it knows whether it should be uploading/deleting blocks.)

This is a limitation in Tarsnap which is unlike systems like Dropbox -- this is
because Tarsnap is a backup system rather than a file synchronization system.

Hope that helps,
-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
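
The procedure described in the reply above, as an added example that is not part of the original message or of Tarsnap itself: one full key is generated, a read+write key is derived from it for the second computer, and the cache directory is rebuilt with --fsck before each create. The function names, the DRY_RUN switch and all paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; helper names, DRY_RUN and paths are hypothetical.

# Execute a command, or only print it when DRY_RUN=1 (to review before running).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Trusted computer: generate the full key once, then derive a key limited to
# read (-r) and write (-w). Both keys address the same archive space, because
# the restricted key is derived from the full one rather than generated anew.
# The --machine value is only a nickname for the key.
make_keys() {
    user=$1 nickname=$2 full_key=$3 restricted_key=$4
    run tarsnap-keygen --keyfile "$full_key" --user "$user" \
        --machine "$nickname" || return 1
    run tarsnap-keymgmt --outkeyfile "$restricted_key" -r -w "$full_key"
}

# Any computer sharing that archive space: the other computer may have
# uploaded or deleted blocks since the last run, so reconstruct the local
# cache directory first and only then create the archive.
backup_after_fsck() {
    keyfile=$1 cachedir=$2 archive=$3
    shift 3
    run tarsnap --keyfile "$keyfile" --cachedir "$cachedir" --fsck || return 1
    run tarsnap --keyfile "$keyfile" --cachedir "$cachedir" -c -f "$archive" "$@"
}

# Example calls (not executed here):
#   make_keys you@example.com shared-backups /root/full.key /root/rw.key
#   backup_after_fsck /root/rw.key /var/cache/tarsnap "etc-$(date +%F)" /etc
```

Only the derived read+write key file needs to be copied to the second computer; the full key, which can also delete and nuke, stays on the trusted one.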