Skip to content

FAQ points to closed issue for pull backups #5480

New issue
New issue
Closed
#5501
Closed
FAQ points to closed issue for pull backups#5480
#5501
Milestone
1.1.15
@anarcat

Description

@anarcat
anarcat
opened on Nov 3, 2020

https://borgbackup.readthedocs.io/en/latest/faq.html#how-can-i-protect-against-a-hacked-backup-client says:

How can I protect against a hacked backup client?

Assume you backup your backup client machine C to the backup server S and C gets hacked. In a simple push setup, the attacker could then use borg on C to delete all backups residing on S.

These are your options to protect against that:

  • Do not allow to permanently delete data from the repo, see Append-only mode (forbid compaction).
  • Use a pull-mode setup using ssh -R, see document pull-like operation #900.
  • Mount C’s filesystem on another machine and then create a backup of it.
  • Do not give C filesystem-level access to S.

That's great except #900 is a kind of long issue that was closed because BountySource and chaos. Maybe it would be best to point to some other documentation for pull-mode? Maybe something about #5288 which I believe made https://borgbackup.readthedocs.io/en/latest/deployment/pull-backup.html possible?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions