3
Backups.. Pull or Push? (feddit.uk)
submitted 1 month ago by Cyber@feddit.uk to c/linux@lemmy.world
4 comments fedilink hide all child comments

I've been generally running various different ways of backing up files to my NAS (which then backs up to other locations...) - mostly syncthing for photos and large collections of files, but I tend to use rsync to push out config backups to the NAS once something's working.

But, the NAS is only powered up a few times a day (to save on electricity costs), which is fine for manual pushes, but makes scheduling backups a bit tricky.

It dawned on me that it might be better for the NAS to pull the files via rsync instead of pushing them.

Anyone tried this route and have any advice?

you are viewing a single comment's thread
view the rest of the comments
[-] notabot@piefed.social 1 points 1 month ago

The big difference between pull and push is which system has keys to access the other, and what an attacker could do with them. With your home network you might ultimately decide this isn't too important, but it's worth at least thinking about anyway.

In a push setup, each machine has some way (likely an SSH key) to authenticate to the NAS and push backup files to it. Each server has a different key to access a different path on the NAS, so if a server is compromised the attacker only gets access to that part of the NAS data, and if the NAS gets compromised, the attacker can't connect to anything but has access to the encrypted backups (you do encrypt the backups you care about, right?). This limits how much extra data the attacker can read, but has the downside you mentioned.

In a pull setup, the NAS has to have a way to connect to each server, typically as root for file access permissions. This means that if a server is compromised the attacker doesn't gain a way to access even a limited portion of the NAS, but if the NAS is compromised they gain access to keys to root access on every server, which is likely catastrophic.

A compromise solution can work. Have each server back up to a local file, then give the NAS permission to retrieve only that file, rather than root access. Whilst rsync isn't going to work for creating the single file backup, something like borg or restic would. This does mean you need more disk space on each server, but it also means that the server doesn't need direct access to the NAS, and the NAS only needs unpriviledged access to each server, mitigating the risk of a compromise.

this post was submitted on 20 Dec 2025
3 points (100.0% liked)

Linux

14837 readers
2 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 2 years ago
MODERATORS
MigratingtoLemmy@lemmy.world