[HCoop-Discuss] I no longer can make automated backups

Adam Megacz megacz at hcoop.net
Sun Jul 1 17:14:51 EDT 2007 

Eric, to accomplish this you're going to need to hardwire your hcoop
password into the backup script on your local machine.  That's
basically what your ssh private key amounts to on a non-kerberos
system.  Note that I do not recommend doing this.

A more secure alternative is to install the AFS client on your
machine-to-be-backed-up and put your offby1.daemon keytab on that
machine.  Then grant that user permission to insert files into your
backups directory.  This way if your machine-being-backed-up gets
hacked, all the hacker gets is your daemon keytab, which is much less
sensitive -- for example, that user can't ssh or spawn processes,
can't read your email, and has only the permissions you choose to
grant it.  Moreover, if you only gave it insert permissions, the
hacker won't be able to retrieve or delete your backups.

Of course, this requires more work.

  - a


Eric Hanchrow <offby1 at blarg.net> writes:
>>>>>> "Gregor" == Gregor Larson <gregor at hcoop.net> writes:
>
>     Gregor> Eric, There will also be some limit to the amount you can
>     Gregor>   store (even if quotas were disabled, you are limited by
>     Gregor>   the volume size).  
>
> Certainly -- but I doubt I'll be storing _that_ much data.
>                                  
>     Gregor>   The quota system allows us to share the disk-resource
>     Gregor>   fairly and prevents one user from impacting other users
>     Gregor>   by filling the shared volume.
>
> Oh yeah, I understand what quotas are in general.  My problem isn't
> that there's a quota per se; it's that there appears to be no way to
> increase it, even if I'm willing to pay money :-)
>
>     Gregor>   Perhaps running the cron job on mire (rather than your
>     Gregor> home machine might work).  
>
> I would expect that to work roughly as well as running it on my home
> machine, namely: not at all, since in both cases I'd expect to have to
> do something manually to "refresh" my kerberos tickets.
>
> -- 
> It has been suggested that this article or section be merged
> into Fried dough. (Discuss)
>         -- Seen on Wikipedia

-- 
PGP/GPG: 5C9F F366 C9CF 2145 E770  B1B8 EFB1 462D A146 C380

More information about the HCoop-Discuss mailing list