Hi all, I'm trying to create a secure server for duplicity: any hints on how to make it secure? Like, imposing limits with quotas (on e.g. BTRFS), bandwidth limits, no remote shell (really the one thing I don't get how to do) when using a reasonable protocol (not ftp)? I tried looking on internet, but everyone is more concerned about "how do I make it work" instead of "how do I make it secure"?
It'll also be a good addition to the wiki page IMO
- if you use the following "shell", SSH access to the server will be regulated (POSIX compliant, as a bonus)
#!/bin/sh if [ $# -eq 0 ]; then printf "%s\n" "Hahaha, you fool" printf "%s\n" "Only rsync(1) will ever work here." exit 1 elif [ $# -eq 2 ] && [ "$1" = "-c" ] && printf %s\\n "$2" | grep -qe "^rsync --server"; then exec $2 fi