OpenBSD Security: Functionally paranoid!
How to Set Directory Perms: Can Create, But Cannot Delete?
Is there a way to create a directory such that users can create files, but once created, the files are immutable by non-root? chflags seems to almost but not quite support this.
Here is what I'm trying to do:

system A: a web server
system B: a backup server

Nightly, system A sends its backups to system B via scp or sftp (using a non-privileged user's credentials). Once on system B, the files cannot be modified or deleted by that user. If system A is ever compromised, the attacker can't nuke the backups as well. The files are available to be scp/sftp'd back to system A if needed. Periodically, a job on system B tidies the directory by removing old backups.

Of course, there are other approaches: I could run the backups at 1am and then have a cron job on system B that moves them to an inaccessible place at 2am, or changes permissions on them, etc. I don't know if OpenBSD has support for directory-watching notify hooks, which may be another avenue. But first I was going for simple...is there a way to accomplish this with chflags? I tried this (OpenBSD 5.6):

Code:
# mkdir /tmp/example
# chmod 1777 /tmp/example
# chflags uappnd /tmp/example

Code:
$ cd /tmp/example
$ cp /some/big/file.txt .
$ cp /dev/null ./file.txt
$ cp /some/other/big/file.txt file.txt
$

And setting uchg on the directory appears to make the directory itself unchangeable, which means new files can't be created.
You could configure the backup system B to initiate the backup scp connection to system A.
Then you protect the backup system by only allowing outgoing backup connections with pf. The sshd(8) man page gives an example of an authorized_keys file entry that limits an incoming SSH connection to only run a single command:

Code:
command="dump /home",no-pty,no-port-forwarding ssh-dss AAAAC3...51R== example.net
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

Interesting...one of the reasons I'm not wild about the backup server initiating backups is that then there is a nice set of ssh keys with access to all the clients in one place. I hadn't thought of that method of limiting what one could do with those keys.

So in this example, I'd do something like this:

Code:
ssh -i /root/.ssh/some-key root@some.example.com 'dump -0f - /somedir' > /backups/clever-naming-scheme-0.dump

Tested and it works. Nice. Thanks.
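The forced-command idea in the reply above and the ssh invocation in this post, carried one step further as an added example that is not from the thread: instead of hard-wiring a single `command="dump /home"`, the restricted key on system A runs a small wrapper that inspects SSH_ORIGINAL_COMMAND and only lets the backup server run dump(8) at a chosen level against an allow-list of filesystems. The wrapper path, the allowed targets and the key line are assumptions for the example.

```shell
#!/bin/sh
# Forced-command wrapper for a backup-only SSH key (constructed example).
# Assumed authorized_keys line for the backup key on system A:
#   command="/usr/local/sbin/backup-wrapper",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA... backup@systemB
# sshd runs this script instead of whatever the client asked for and puts the
# client's request in SSH_ORIGINAL_COMMAND; only a vetted dump(8) call is run.

# Filesystems this key may dump (assumed values for the example).
ALLOWED_TARGETS="/home /var/www"

# Print the exact dump(8) invocation to run for a client request, or print
# nothing and return 1. Accepted shape: "dump -<level>f - <target>" where
# <level> is a single digit and <target> is one of ALLOWED_TARGETS. The
# level and target are copied from the request; every other word is fixed.
validate_backup_command() {
    req="$1"
    set -f                 # no glob expansion while splitting the request
    set -- $req            # positional parameters are local to the function
    set +f
    [ "$#" -eq 4 ] || return 1
    [ "$1" = "dump" ] || return 1
    case "$2" in
        -[0-9]f) level="${2#-}"; level="${level%f}" ;;
        *) return 1 ;;
    esac
    [ "$3" = "-" ] || return 1
    target="$4"
    for t in $ALLOWED_TARGETS; do
        if [ "$target" = "$t" ]; then
            printf 'dump -%sf - %s\n' "$level" "$target"
            return 0
        fi
    done
    return 1
}

# When sshd invokes us as the forced command, validate and run the request;
# when run any other way (e.g. sourced for testing) do nothing.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    cmd=$(validate_backup_command "$SSH_ORIGINAL_COMMAND") || {
        echo "backup-wrapper: rejected request: $SSH_ORIGINAL_COMMAND" >&2
        exit 1
    }
    # $cmd holds only the fixed words plus the checked level and target.
    exec $cmd
fi
```

A request such as `dump -0f - /home; rm -rf /` splits into more than four words and is rejected, as is any target outside the allow-list, so the key is useful for nothing but the backups even if system B is compromised.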