ambiser
/
btrbk
mirror of https://github.com/digint/btrbk
9
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

documentation: ssh_filter_btrbk.1.asciidoc: fixes, cleanup 

- add add "always allowed" commands (as bullet list)
- remove deprecated "-c, --compress"
pull/235/head
Axel Burri 2018-05-15 00:06:53 +02:00
parent 2f56c55120
commit ffba3e47c6
1 changed files with 18 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
doc/ssh_filter_btrbk.1.asciidoc
View File

@ -17,25 +17,31 @@ SYNOPSIS
[literal]
ssh_filter_btrbk.sh [-s|--source] [-t|--target] [-d|--delete]
[-c|--compress] [-i|--info] [--snapshot] [--send] [--receive]
[-i|--info] [--snapshot] [--send] [--receive]
[-p|--restrict-path <path>] [-l|--log] [--sudo]
DESCRIPTION
-----------
*ssh_filter_btrbk.sh* restricts SSH commands to 'btrfs' commands used
by 'btrbk'. It examines the SSH_ORIGINAL_COMMAND environment variable
(set by sshd) and executes it only if it matches commands used by
'btrbk'. The accepted commands are specified by the "--source",
"--target", "--delete" and "--info" options.
*ssh_filter_btrbk.sh* restricts SSH commands to commands used by
'btrbk'. It examines the SSH_ORIGINAL_COMMAND environment variable
(set by sshd) and executes it only if it contains commands used by
'btrbk'.
Note that the following btrfs commands are always allowed: "btrfs
subvolume show", "btrfs subvolume list".
The accepted commands are specified by the "--source", "--target",
"--delete" and "--info" options.
Note that commands for stream compression (pipes through gzip, pigz,
bzip2, pbzip2, xz, lzop, lz4), rate limiting (pipes through "pv -L"),
and stream buffer (pipes through "mbuffer") are always allowed.
The following commands are always allowed:
- "btrfs subvolume show"
- "btrfs subvolume list"
- "readlink"
- "cat /proc/self/mounts"
- pipes through "gzip", "pigz", "bzip2", "pbzip2", "xz", "lzop",
"lz4" (stream_compress)
- pipes through "mbuffer" (stream_buffer)
- pipes through "pv -L" (rate_limit)
Example line in /root/.ssh/authorized_keys on a backup target host:
@ -50,8 +56,7 @@ OPTIONS
"btrfs send". Equivalent to "--snapshot --send".
-t, --target::
Allow commands for backup target: "btrfs receive", "realpath" and
"cat /proc/self/mounts".
Allow commands for backup target: "btrfs receive".
-d, --delete::
Allow commands for subvolume deletion: "btrfs subvolume
@ -59,10 +64,6 @@ OPTIONS
'snapshot_preserve_daily' is not set to ``all'', and for backup
targets if 'target_preserve_daily' is not set to ``all''.
-c, --compress::
Allow commands for stream compression (pipes through gzip, pigz,
bzip2, pbzip2, xz, lzo, lz4). Needed if 'stream_compress' is set.
-i, --info::
Allow informative commands: "btrfs subvolume find-new", "btrfs
filesystem usage". This is used by btrbk 'info' and 'diff'