ambiser
/
btrbk
mirror of https://github.com/digint/btrbk
9
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

documentation: ssh_filter_btrbk.1.asciidoc: fixes, cleanup 

- add add "always allowed" commands (as bullet list)
- remove deprecated "-c, --compress"
pull/235/head
Axel Burri 2018-05-15 00:06:53 +02:00
parent 2f56c55120
commit ffba3e47c6
1 changed files with 18 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
doc/ssh_filter_btrbk.1.asciidoc
View File

@ -17,25 +17,31 @@ SYNOPSIS
[literal] [literal]
ssh_filter_btrbk.sh [-s|--source] [-t|--target] [-d|--delete] ssh_filter_btrbk.sh [-s|--source] [-t|--target] [-d|--delete]
[-c|--compress] [-i|--info] [--snapshot] [--send] [--receive] [-i|--info] [--snapshot] [--send] [--receive]
[-p|--restrict-path <path>] [-l|--log] [--sudo] [-p|--restrict-path <path>] [-l|--log] [--sudo]
DESCRIPTION DESCRIPTION
----------- -----------
*ssh_filter_btrbk.sh* restricts SSH commands to 'btrfs' commands used *ssh_filter_btrbk.sh* restricts SSH commands to commands used by
by 'btrbk'. It examines the SSH_ORIGINAL_COMMAND environment variable 'btrbk'. It examines the SSH_ORIGINAL_COMMAND environment variable
(set by sshd) and executes it only if it matches commands used by (set by sshd) and executes it only if it contains commands used by
'btrbk'. The accepted commands are specified by the "--source", 'btrbk'.
"--target", "--delete" and "--info" options.
Note that the following btrfs commands are always allowed: "btrfs The accepted commands are specified by the "--source", "--target",
subvolume show", "btrfs subvolume list". "--delete" and "--info" options.
Note that commands for stream compression (pipes through gzip, pigz, The following commands are always allowed:
bzip2, pbzip2, xz, lzop, lz4), rate limiting (pipes through "pv -L"),
and stream buffer (pipes through "mbuffer") are always allowed. - "btrfs subvolume show"
- "btrfs subvolume list"
- "readlink"
- "cat /proc/self/mounts"
- pipes through "gzip", "pigz", "bzip2", "pbzip2", "xz", "lzop",
"lz4" (stream_compress)
- pipes through "mbuffer" (stream_buffer)
- pipes through "pv -L" (rate_limit)
Example line in /root/.ssh/authorized_keys on a backup target host: Example line in /root/.ssh/authorized_keys on a backup target host:
@ -50,8 +56,7 @@ OPTIONS
"btrfs send". Equivalent to "--snapshot --send". "btrfs send". Equivalent to "--snapshot --send".
-t, --target:: -t, --target::
Allow commands for backup target: "btrfs receive", "realpath" and Allow commands for backup target: "btrfs receive".
"cat /proc/self/mounts".
-d, --delete:: -d, --delete::
Allow commands for subvolume deletion: "btrfs subvolume Allow commands for subvolume deletion: "btrfs subvolume
@ -59,10 +64,6 @@ OPTIONS
'snapshot_preserve_daily' is not set to ``all'', and for backup 'snapshot_preserve_daily' is not set to ``all'', and for backup
targets if 'target_preserve_daily' is not set to ``all''. targets if 'target_preserve_daily' is not set to ``all''.
-c, --compress::
Allow commands for stream compression (pipes through gzip, pigz,
bzip2, pbzip2, xz, lzo, lz4). Needed if 'stream_compress' is set.
-i, --info:: -i, --info::
Allow informative commands: "btrfs subvolume find-new", "btrfs Allow informative commands: "btrfs subvolume find-new", "btrfs
filesystem usage". This is used by btrbk 'info' and 'diff' filesystem usage". This is used by btrbk 'info' and 'diff'