From 344b833e373e45b7d01aa92acbcced3938c7657d Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Sat, 10 Jul 2021 18:15:50 +0200 Subject: [PATCH 1/2] docs: pull mode: add some warnings, fixes #5827 --- docs/deployment/pull-backup.rst | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/deployment/pull-backup.rst b/docs/deployment/pull-backup.rst index d923cf2f37..e112284fcf 100644 --- a/docs/deployment/pull-backup.rst +++ b/docs/deployment/pull-backup.rst @@ -32,6 +32,21 @@ completely in every aspect from such a backup. client. Therefore, pull mode should be used only from servers you do fully trust! +.. warning:: + + Additionally, while being chrooted into the client's root file system, + code from the client will be executed. Thus, you should only do that when + fully trusting the client. + +.. warning:: + + The chroot method was chosen to get the right user and group name-id + mappings, assuming they only come from files (/etc/passwd and group). + This assumption might be wrong, e.g. if users/groups also come from + ldap or other providers. + Thus, it might be better to use ``--numeric-owner`` and not archive any + user or group names (but just the numeric IDs) and not use chroot. + Creating a backup ----------------- From 949ca476527422909c8e89ed087cd6a9ce0a957b Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Sat, 10 Jul 2021 18:32:06 +0200 Subject: [PATCH 2/2] fix typo --- docs/deployment/pull-backup.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deployment/pull-backup.rst b/docs/deployment/pull-backup.rst index e112284fcf..2d1496b873 100644 --- a/docs/deployment/pull-backup.rst +++ b/docs/deployment/pull-backup.rst @@ -18,7 +18,7 @@ file system will probably change, and you may not have access to those files if BorgBackup is not run with root privileges. SSHFS is a FUSE file system and uses the SFTP protocol, so there may be also -other unsupported features that the actual implementations of ssfs, libfuse and +other unsupported features that the actual implementations of sshfs, libfuse and sftp on the backup server do not support, like file name encodings, ACLs, xattrs or bsdflags. So there is no guarantee that you are able to restore a system completely in every aspect from such a backup.