It is great if you have a serious issue with your whole node & need to restore it to a day ago.
Of course I already pay for Linode's in-house backup solution, which is reliable & has saved me in the past. I use several Ubuntu-based VM-s hosted at Linode, which fulfill various roles (web server, JIRA, knowledgebase software). I’m sure that’s not the “most secure” way to do it–and no doubt other members of the forum can suggest more secure alternatives –but in my environment (a small server with a small number of trusted but non-privileged users) I think it’s sufficient.Read my dedicated post on PC backup software if that's what you're after! The theory is that only someone with superuser privileges can look at my credentials files directly or snoop on the environment of my backup process. I then start restic via a short script, run as root, which parses my credentials files, exports the necessary variables, and builds and executes the restic command line. I have files with my account credentials and repo credentials in that directory, with similar access restrictions. That is to set up a directory (…/restic/credentials/) which is owned by root and accessible only to root. With the caveat that I’m not a Linux security expert, I can tell you what I’ve done. bash_profile from access by others, so what you’re doing may be adequate, but you’re right…exporting variables from a profile and leaving them exposed in your environment indefinitely is certainly not the most secure way to do it. You don’t mention the environment in which you’re working, or what you’ve done to protect your.
0 kommentar(er)
