From 1e7c1414b030b3dd09c7daa451a2e078328ce4fc Mon Sep 17 00:00:00 2001 From: TW Date: Sat, 10 Jul 2021 18:33:14 +0200 Subject: [PATCH] Merge pull request #5902 from ThomasWaldmann/pull-chroot-problematic-1.1 docs: pull mode: add some warnings, fixes #5827 --- docs/deployment/pull-backup.rst | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/deployment/pull-backup.rst b/docs/deployment/pull-backup.rst index 42157d330..f516e0ae3 100644 --- a/docs/deployment/pull-backup.rst +++ b/docs/deployment/pull-backup.rst @@ -32,7 +32,7 @@ file system will probably change, and you may not have access to those files if BorgBackup is not run with root privileges. SSHFS is a FUSE file system and uses the SFTP protocol, so there may be also -other unsupported features that the actual implementations of ssfs, libfuse and +other unsupported features that the actual implementations of sshfs, libfuse and sftp on the backup server do not support, like file name encodings, ACLs, xattrs or flags. So there is no guarantee that you are able to restore a system completely in every aspect from such a backup. @@ -46,6 +46,21 @@ completely in every aspect from such a backup. client. Therefore, pull mode should be used only from servers you do fully trust! +.. warning:: + + Additionally, while being chrooted into the client's root file system, + code from the client will be executed. Thus, you should only do that when + fully trusting the client. + +.. warning:: + + The chroot method was chosen to get the right user and group name-id + mappings, assuming they only come from files (/etc/passwd and group). + This assumption might be wrong, e.g. if users/groups also come from + ldap or other providers. + Thus, it might be better to use ``--numeric-owner`` and not archive any + user or group names (but just the numeric IDs) and not use chroot. + Creating a backup -----------------