Kommentare zu: Secure backups with push and pull strategies via amazon s3 http://www.logaholic.de/2009/05/21/secure-backups-with-push-and-pull-strategies-via-amazon-s3/ queer as code! Sat, 03 Dec 2011 22:03:07 +0100 http://wordpress.org/?v=2.8 hourly 1 Von: Karsten Deubert http://www.logaholic.de/2009/05/21/secure-backups-with-push-and-pull-strategies-via-amazon-s3/comment-page-1/#comment-169 Karsten Deubert Sat, 29 Aug 2009 19:14:14 +0000 http://www.logaholic.de/?p=271#comment-169 Hi Lem, thank you for your comment. You are right, i haven't actually implemented this fully. At the moment we use amazon s3 just as temporary storage, whilst our nightly pull-script just downloads and deletes the backups from the bucket. Would it maybe be possible to let the pull-script set the owner of the file to the adminaccount and therefore permit the push-user to delete/modify it? Hi Lem, thank you for your comment. You are right, i haven’t actually implemented this fully.

At the moment we use amazon s3 just as temporary storage, whilst our nightly pull-script just downloads and deletes the backups from the bucket.
Would it maybe be possible to let the pull-script set the owner of the file to the adminaccount and therefore permit the push-user to delete/modify it?

]]> Von: Lem http://www.logaholic.de/2009/05/21/secure-backups-with-push-and-pull-strategies-via-amazon-s3/comment-page-1/#comment-167 Lem Sat, 22 Aug 2009 21:45:37 +0000 http://www.logaholic.de/?p=271#comment-167 I meant to say "then the user can put, but they can also overwrite and delete". I meant to say “then the user can put, but they can also overwrite and delete”.

]]> Von: Lem http://www.logaholic.de/2009/05/21/secure-backups-with-push-and-pull-strategies-via-amazon-s3/comment-page-1/#comment-166 Lem Sat, 22 Aug 2009 21:44:58 +0000 http://www.logaholic.de/?p=271#comment-166 Have you actually implemented this? I am unclear on how "The production environment, with its own (restricted to put and get files) s3 user, will push backups to our s3 bucket. It is not allowed to delete backups there." is supposed to work. As far as I can tell, the ACLs in S3 support granting READ or WRITE on buckets and objects. If you grant WRITE on a bucket, then the user can put, but they can also upload and delete. I do not see how you can allow upload but disallow delete. Have you actually implemented this? I am unclear on how “The production environment, with its own (restricted to put and get files) s3 user, will push backups to our s3 bucket. It is not allowed to delete backups there.” is supposed to work.

As far as I can tell, the ACLs in S3 support granting READ or WRITE on buckets and objects. If you grant WRITE on a bucket, then the user can put, but they can also upload and delete. I do not see how you can allow upload but disallow delete.

]]>