Merge pull request #5902 from ThomasWaldmann/pull-chroot-problematic-1.1

docs: pull mode: add some warnings, fixes #5827
borgbackup · Jul 10, 2021 · 17f5c13 · 17f5c13
2 parents 0fb8c8b + 949ca47
commit 17f5c13
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/docs/deployment/pull-backup.rst b/docs/deployment/pull-backup.rst
@@ -18,7 +18,7 @@ file system will probably change, and you may not have access to those files if
 BorgBackup is not run with root privileges.
 
 SSHFS is a FUSE file system and uses the SFTP protocol, so there may be also
-other unsupported features that the actual implementations of ssfs, libfuse and
+other unsupported features that the actual implementations of sshfs, libfuse and
 sftp on the backup server do not support, like file name encodings, ACLs, xattrs
 or bsdflags. So there is no guarantee that you are able to restore a system
 completely in every aspect from such a backup.
@@ -32,6 +32,21 @@ completely in every aspect from such a backup.
     client. Therefore, pull mode should be used only from servers you do fully
     trust!
 
+.. warning::
+
+    Additionally, while being chrooted into the client's root file system,
+    code from the client will be executed. Thus, you should only do that when
+    fully trusting the client.
+
+.. warning::
+
+    The chroot method was chosen to get the right user and group name-id
+    mappings, assuming they only come from files (/etc/passwd and group).
+    This assumption might be wrong, e.g. if users/groups also come from
+    ldap or other providers.
+    Thus, it might be better to use ``--numeric-owner`` and not archive any
+    user or group names (but just the numeric IDs) and not use chroot.
+
 Creating a backup
 -----------------