Server Security documentation?

The admin manual is great, I’ve read it numerous times during the course of the deployment of UrBackup.

What I’m now looking for is some documentation on server side security.

After getting this thing rolling, I noticed that as an admin on the actual server, I can view any files that have been backed up. Now I suppose with any platform that is also a possibility. Are there any additional security measures I can take to help segregate user data?

Do you mean filesystem security or WebUI security? On the web interface you can assign specific computers/backups to specific users. On the filesystem, at least on Linux, files have 750 permissions with user urbackup, so access is pretty limited unless you are the admin.

Another thing to do is encryption in transit, which you can do if you designate your server as an Internet server, not a local one. Can’t remember if UrBackup does file encryption but I would guess not?

You could set the admin password to a really long random password and hide it somewhere, then create a more limited user to do the administration, that cannot access the backups.

Use e.g. LUKS/BitLocker to encrypt the backups at rest.
You could use e.g. SELinux to further restrict e.g. that root can access the backups and can become the urbackup user. Idk if that would work. If it does could you report back?

I might go with the long and randomized admin pass as suggested for now, with the limited administration account.

This is currently hosted on an Ubuntu server so no BitLocker, but I know lots of other encryption options are available.

My concern after seeing the backup files while logged into the server was, if someone is able to circumvent the user portal they’d have access to unencrypted user files. If their directory was encrypted it wouldn’t matter.

I’m confused as to how to natively implement encryption on the server, without breaking the user restore process. I would think that if I set this up it’d affect both the incremental backup of user data, and also the restore since the file they’d download (if they could even see it) would be encrypted.

If anyone has successfully set something like that up, and recovery is still possible through the user portal I’d love to hear how.
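
The filesystem point made earlier in the thread (750 permissions, owner urbackup) can be checked on the server itself. The following is an added example, not part of the original thread and not UrBackup code: it walks a backup storage directory and reports entries that are not owned by the expected user or that carry permission bits beyond 750. The storage path passed on the command line is an assumption; the account name `urbackup` is taken from the thread.

```python
import os
import stat

ALLOWED_MODE = 0o750  # permission ceiling mentioned in the thread


def audit_backup_tree(root, expected_uid, allowed=ALLOWED_MODE):
    """Return sorted (path, problem) pairs for entries under root that have
    the wrong owner or permission bits outside the allowed mask."""
    findings = []

    def check(path):
        st = os.lstat(path)  # lstat: never follow a link out of the tree
        if stat.S_ISLNK(st.st_mode):
            return  # symlink mode bits are not enforced on Linux
        if st.st_uid != expected_uid:
            findings.append(
                (path, f"owner uid {st.st_uid}, expected {expected_uid}"))
        # S_IMODE keeps rwx plus setuid/setgid/sticky, so those are flagged too
        extra = stat.S_IMODE(st.st_mode) & ~allowed
        if extra:
            findings.append((path, f"extra permission bits {extra:04o}"))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)


if __name__ == "__main__":
    import pwd
    import sys

    # Usage: python3 audit.py <backup storage path>  (path is site-specific)
    uid = pwd.getpwnam("urbackup").pw_uid
    for path, problem in audit_backup_tree(sys.argv[1], uid):
        print(f"{path}: {problem}")
```

An empty result only confirms ownership and mode bits; root on the server can still read the files, which is what the at-rest encryption and SELinux suggestions in the thread address.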