[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Are key privilege separation and backup rotation compatible?

To: Colin Percival <cperciva@tarsnap.com>
Subject: Re: Are key privilege separation and backup rotation compatible?
From: Tim McCormack <cortex@brainonfire.net>
Date: Sun, 19 Mar 2017 07:20:06 -0400
Cc: tarsnap-users@tarsnap.com
In-reply-to: <817ce4a3-4d00-aa1c-65a7-248dead0f081@tarsnap.com>
References: <20170318204535.431d8edd@curmudgeon> <817ce4a3-4d00-aa1c-65a7-248dead0f081@tarsnap.com>

On Sat, 18 Mar 2017 18:04:20 -0700, Colin Percival wrote:
> I'm not entirely sure what you mean here.  If your server has
> write+read keys, it will be able to run --fsck to regenerate the
> cache directory and it will be able to create new archives, but it
> will not be able to delete old archives.

Ah, I think I got turned around after reading a previous discussion.
This makes complete sense now. :-)

> Yes: After you do the "--fsck + delete old archives" elsewhere, copy
> the cache directory onto the write-keys-only server.

Oh! Of course. And that might even be better than giving the server
under backup r+w keys, since I'd need to run a fsck one way or another
anyhow.

Thanks!

 - Tim

References:
- Are key privilege separation and backup rotation compatible?
  - From: Tim McCormack <cortex@brainonfire.net>
- Re: Are key privilege separation and backup rotation compatible?
  - From: Colin Percival <cperciva@tarsnap.com>

Prev by Date: Re: Are key privilege separation and backup rotation compatible?
Next by Date: Client-side deduplication during extraction
Previous by thread: Re: Are key privilege separation and backup rotation compatible?
Next by thread: Client-side deduplication during extraction
Index(es):
- Date
- Thread