• 0 posts
  • 293 comments
Joined 1 year ago
Cake day: February 15th, 2025
  • HelloRoot@lemy.loltoSelfhosted@lemmy.worldHow do you protect a remote backup from a compromised account?English
    55 minutes

    OP asked:

    How can you grant access to an account to write remotely, but also protect the data from this account?

    So I was thinking that the account should not be able to delete the filesystem in an unrecoverable way. Like overriding the current fs with random data or an encrypted fs and filling it etc.

    Like I said on a Hetzner storage box, multiple users get access to the same system, but each one only has file editing commands, not fs editing and they can only access their assigned directory. So if the system does scheduled snapshots (outside of that user’s scope of access) there is no way for a user to delete the files beyond recoverability. (no matter if their own files or other users files).

    The user can still delete their own data. But because the fs is cow with snapshots (like btrfs) and they can not touch that, the data can be recovered easily.

  • HelloRoot@lemy.loltoSelfhosted@lemmy.worldHow do you protect a remote backup from a compromised account?English
    3 days

    I think you could do it somewhat like hetzner does for their storage boxes. You get an account that has read and write access to a directory and nothing outside. The accound can only run a limited set of commands, like ls, cat, nano, rsync etc. but has no access to commands that modify the filesystem.

    Then you can use a copy on write fs like btrfs and make scheduled staggered snapshots.

    I usually do 1x per year, 1x per month of current year, 4 per week of current montg, 7 per day in current week.

    I have no clue what they use to limit the user accounts like that btw. but maybe that gives you a new jump off point for further research.