[HN Gopher] Make Your Own Backup System - Part 2: Forging the Fr...
       ___________________________________________________________________
        
       Make Your Own Backup System - Part 2: Forging the FreeBSD Backup
       Stronghold
        
       Author : todsacerdoti
       Score  : 74 points
       Date   : 2025-07-29 07:42 UTC (3 days ago)
        
 (HTM) web link (it-notes.dragas.net)
 (TXT) w3m dump (it-notes.dragas.net)
        
       | benlivengood wrote:
       | I've had good luck using `zfs allow` to grant non-root backup
       | users the ability to only add snapshots to their datasets to
       | avoid the "attacker compromises prod and then jumps to the backup
       | server and deleted the backups". It is an extra step to clean up
       | old snapshots, but worth the risk-reduction.
       | 
       | You can also split administration up so that, e.g., my friend
       | sending me snapshots can't even log in as root on his backup
       | server.
        
       ___________________________________________________________________
       (page generated 2025-08-01 23:00 UTC)