Comment on How do you protect a remote backup from a compromised account?
groet@feddit.org 5 days agoYeah precice phrasing ia hard sometime. I was refering to delete/modify of files as “changes to the fs”. Not sure how changing the actuall fs would be relevant to the backup question.
OP needs a restricted shell that can take backup data and write it to disk but not be able to modify anything that is already there. Nano and rsync can both do that.
HelloRoot@lemy.lol 5 days ago
OP asked:
So I was thinking that the account should not be able to delete the filesystem in an unrecoverable way. Like overriding the current fs with random data or an encrypted fs and filling it etc.
Like I said on a Hetzner storage box, multiple users get access to the same system, but each one only has file editing commands, not fs editing and they can only access their assigned directory. So if the system does scheduled snapshots, there is no way for a user to delete the files beyond recoverability.