NFS question..
Eric Eisenhart
eric at eisenhart.com
Wed Aug 21 12:06:35 PDT 2002
On Wed, Aug 21, 2002 at 10:20:10AM -0700, Christopher Wagner wrote:
> I will look into both ideas, either TCP/NFS or SMB.. Both machines do
> support SMB, so that might not be a bad idea..
>
> As for leaving the IP/hostnames of the machines, are they real? Are they
> really the machines I'm talking about? Hmm.. One never knows. :)
To revisit the original question, since NFS is a poor idea for anything
outside of your local network...

Why, exactly, are you doing an NFS mount? You gave a reason of wanting to
do network backups of a database? Backing up the raw database files over
NFS is bound to be problematic; databases really need to be locked instead.

I have two alternate suggestions:

1) database dump (if it was a MySQL database, "mysqldump"), preferably with
SSL or an SSH tunnel involved.

2) SSH/scp. Look in "man sshd" under the "AUTHORIZED_KEYS FILE FORMAT"
section; you can limit a given SSH key to running a *single* command. (you
can also limit it to working from a single IP address, disable port
forwarding, forbid agent forwarding and prevent tty allocation in there)

With that stuff on, it's reasonable to create a key for that *single*
purpose and not have a passphrase on it. A command of "tar czf -
/dir/to/back/up" in authorized_keys is pretty simple; just
"ssh other-host command_that_will_be_ignored > other-host-db-backup-`date +%Y-%m-%d-%H:%M:%S`.tar.gz"
on the other end.
--
Eric Eisenhart eric-dot-sig at eisenhart.com
Perl, SQL, Linux and Web ^ IRC: Freiheit at openprojects
Coder, Sysadmin and geek /e\ AIM: falsch freiheit
http://eric.eisenhart.com/ --- ICQ: 48217244
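
Added example (not part of the original message): a shell sketch that builds the restricted authorized_keys line described in suggestion 2 and audits an existing line for the same restrictions. The function names, the address 192.0.2.10 and the sample key are constructed for illustration; the option names are those documented in sshd(8), plus the newer "restrict" keyword.

```shell
#!/bin/sh
# Added example: function names, address and key material are constructed.

# Print the authorized_keys line for a single-purpose backup key.
#   $1 = only client address allowed, $2 = directory to archive, $3 = public key
restricted_entry() {
    printf 'from="%s",command="tar czf - %s",no-port-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$1" "$2" "$3"
}

# Print the restrictions from the post that an authorized_keys line lacks
# (empty output = fully restricted). Assumes no escaped quotes inside values.
missing_restrictions() {
    # Blank out quoted values so spaces inside command="..." do not split
    # the options field, then keep only the first space-separated field.
    opts=$(printf '%s\n' "$1" | sed 's/"[^"]*"/""/g')
    opts=${opts%% *}
    case $opts in
        ssh-*|ecdsa-*|sk-*) opts="" ;;  # line starts with the key type: no options
    esac
    # Newer OpenSSH: "restrict" switches off forwarding and pty in one keyword.
    case ",$opts," in
        *",restrict,"*) opts="$opts,no-port-forwarding,no-agent-forwarding,no-pty" ;;
    esac
    missing=""
    for want in 'from=""' 'command=""' no-port-forwarding no-agent-forwarding no-pty; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing ${want%%=*}" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample public key (not a real key).
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLY backup@client'

entry=$(restricted_entry 192.0.2.10 /dir/to/back/up "$SAMPLE_KEY")
echo "restricted entry: $entry"
echo "bare key lacks:   $(missing_restrictions "$SAMPLE_KEY")"
```

Running missing_restrictions over each line of a server's authorized_keys file flags passphrase-less automation keys that were installed without the limits that make them reasonable.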