Merge pull request #5902 from ThomasWaldmann/pull-chroot-problematic-1.1

docs: pull mode: add some warnings, fixes #5827
2021-07-10 18:33:14 +02:00 · 2021-07-10 18:33:14 +02:00 · 1e7c1414b0
parent 99a791f9e2
commit 1e7c1414b0
1 changed files with 16 additions and 1 deletions
--- a/docs/deployment/pull-backup.rst
+++ b/docs/deployment/pull-backup.rst
@ -32,7 +32,7 @@ file system will probably change, and you may not have access to those files if
 BorgBackup is not run with root privileges.

 SSHFS is a FUSE file system and uses the SFTP protocol, so there may be also
-other unsupported features that the actual implementations of ssfs, libfuse and
+other unsupported features that the actual implementations of sshfs, libfuse and
 sftp on the backup server do not support, like file name encodings, ACLs, xattrs
 or flags. So there is no guarantee that you are able to restore a system
 completely in every aspect from such a backup.
@ -46,6 +46,21 @@ completely in every aspect from such a backup.
    client. Therefore, pull mode should be used only from servers you do fully
    trust!

+.. warning::
+
+    Additionally, while being chrooted into the client's root file system,
+    code from the client will be executed. Thus, you should only do that when
+    fully trusting the client.
+
+.. warning::
+
+    The chroot method was chosen to get the right user and group name-id
+    mappings, assuming they only come from files (/etc/passwd and group).
+    This assumption might be wrong, e.g. if users/groups also come from
+    ldap or other providers.
+    Thus, it might be better to use ``--numeric-owner`` and not archive any
+    user or group names (but just the numeric IDs) and not use chroot.
+
 Creating a backup
 -----------------