Amazon Web Services
Riateche, 2011-09-13 13:30:40

Restrict access to Amazon S3

I want to make an automatic backup of the server database on Amazon, but in such a way that if the server is hacked, it would be impossible to spoil the backup. That is, create a user who only has permission to upload files (assuming there are no files with the same name). Is it possible to do so? If possible, describe in more detail the sequence of actions.


3 answer(s)
Vlad Zhivotnev, 2011-09-13
@inkvizitor68sl

Key-based authorization restricted to the "%upload%" command, plus umask 222 for the user. That should be enough, provided that root is not compromised. And if root is compromised, nothing will help here.

@sledopit, 2011-09-13

Remove everything except ssh.
Create two users: one for administration, the second for copying. They can be listed explicitly in sshd_config (the AllowUsers directive).
Install rssh, uncomment allowscp and allowsftp in /etc/rssh.conf, and change the shell of the copy user to /usr/bin/rssh.
After that, you will have what you are asking for.
P.S.
To complete the effect, disable password authorization, limit at least the range of IPs allowed to connect, and close all ports through iptables except for the ssh port, which you move away from bots to any other port above 1024.
If paranoia is really tormenting you, you can also implement port knocking (:
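
Added example, not part of the original answer: a small Python audit of the settings the answer above lists (AllowUsers, password login disabled, an ssh port above 1024, allowscp and allowsftp in rssh.conf, /usr/bin/rssh as the copy user's shell). The sample file contents and the user names `admin` and `backup` are constructed for illustration, and the parser is simplified: it ignores Match blocks and Include files.

```python
# Constructed sample files (not from the page); user names are hypothetical.
SSHD_CONFIG = """\
# sshd_config excerpt
Port 2222
PasswordAuthentication no
AllowUsers admin backup
"""
RSSH_CONF = """\
logfacility = LOG_USER
allowscp
allowsftp
#allowrsync
"""
PASSWD = """\
admin:x:1000:1000::/home/admin:/bin/bash
backup:x:1001:1001::/home/backup:/usr/bin/rssh
"""

def active_lines(text):
    """Non-empty lines that are not commented out."""
    return [l.strip() for l in text.splitlines() if l.strip() and not l.strip().startswith("#")]

def sshd_values(text, keyword):
    """All arguments given for a keyword (case-insensitive), across every line that sets it."""
    vals = []
    for line in active_lines(text):
        parts = line.replace("=", " ", 1).split()
        if parts[0].lower() == keyword.lower():
            vals.extend(parts[1:])
    return vals

def audit(sshd, rssh, passwd, copy_user, admin_user):
    findings = []
    # sshd defaults apply when a keyword is absent: passwords allowed, port 22.
    if (sshd_values(sshd, "PasswordAuthentication") or ["yes"])[0].lower() != "no":
        findings.append("password authentication is enabled")
    if any(int(p) <= 1024 for p in sshd_values(sshd, "Port") or ["22"]):
        findings.append("sshd listens on a port not above 1024")
    allowed = {u.split("@")[0] for u in sshd_values(sshd, "AllowUsers")}
    if allowed != {copy_user, admin_user}:
        findings.append("AllowUsers is not exactly the admin and copy users")
    enabled = {l.split("=")[0].strip() for l in active_lines(rssh)}
    for opt in ("allowscp", "allowsftp"):
        if opt not in enabled:
            findings.append(f"{opt} is not enabled in rssh.conf")
    shells = {f[0]: f[6] for f in (l.split(":") for l in active_lines(passwd)) if len(f) == 7}
    if shells.get(copy_user) != "/usr/bin/rssh":
        findings.append(f"shell of {copy_user} is not /usr/bin/rssh")
    return findings

if __name__ == "__main__":
    print(audit(SSHD_CONFIG, RSSH_CONF, PASSWD, "backup", "admin") or "all checks passed")
```

On a real host, pass in the contents of /etc/ssh/sshd_config, /etc/rssh.conf and /etc/passwd instead of the constructed strings.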

rPman, 2013-04-12
@rPman

-
