Background

On my source machine, SSH authorized_keys looks like:

This permits my target machine to SSH in, snapshot /mnt/btrfs, and pull that snapshot over SSH. The target machine is also configured (via target_preserve) to preserve daily/weekly snapshots, and delete the remaining snapshots.

This deletion expectedly fails with ssh_filter_btrbk.sh: ssh command rejected: disallowed command (restrict-path: "/mnt/btrfs"): sudo -n btrfs subvolume delete [...], since delete is not permitted.

I could fix this by specifying the --delete flag in ssh_filter_btrbk.sh, but this seems like too risky/large a privilege to grant: the target machine could wipe all subvolumes!

Possible idea

ssh_filter_btrbk.sh could gain a flag --restrict-path-for-deletes, which with --delete would allow deletes but only under the --restrict-path-for-deletes directory.
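The following is an added illustration of the semantics the issue proposes; it is not btrbk's ssh_filter_btrbk.sh and does not reuse its option names or command list. It models a forced-command filter as a single POSIX sh function: snapshot/send/show/list commands are bounded by one path (the existing --restrict-path idea), while btrfs subvolume delete is bounded by a second, narrower path (the proposed --restrict-path-for-deletes). The function names check_cmd, the sample paths /mnt/btrfs and /mnt/btrfs/btrbk_snapshots, and the sample commands are all constructed for this example.

```shell
#!/bin/sh
# Added example, not btrbk code. Models the proposed split between a general
# restrict path and a separate, narrower path that bounds deletes only.
#
# check_cmd RESTRICT_PATH DELETE_PATH "COMMAND"
#   returns 0 (accept) or 1 (reject); COMMAND is what sshd would hand the
#   forced command in $SSH_ORIGINAL_COMMAND.
# Variables are deliberately global: POSIX sh has no portable "local".
check_cmd() {
    # Normalise both bounds to a single trailing slash so that /mnt/btrfs
    # does not accidentally accept /mnt/btrfs2/... as a prefix match.
    restrict="${1%/}/"
    deletes="${2%/}/"
    cmd="$3"
    nl='
'

    # Reject anything that could chain a second command, expand, redirect,
    # glob, or quote its way around the checks below. Whitelist by verb only
    # after this step.
    case "$cmd" in
        *\;*|*\&*|*\|*|*\`*|*\$*|*\(*|*\)*|*\<*|*\>*|*\\*|*\'*|*\"*|*\**|*\?*|*\[*|*"$nl"*)
            return 1 ;;
    esac

    # btrbk prefixes "sudo -n " when configured for sudo; strip it so the verb
    # match below sees the btrfs invocation itself.
    case "$cmd" in
        "sudo -n "*) cmd="${cmd#sudo -n }" ;;
    esac

    # Pick the path bound from the verb. Deletes get the narrower bound; every
    # other allowed verb gets the general one; unknown verbs are rejected.
    case "$cmd" in
        "btrfs subvolume delete "*)
            bound="$deletes" ;;
        "btrfs subvolume snapshot "*|"btrfs send "*|"btrfs subvolume show "*|"btrfs subvolume list "*)
            bound="$restrict" ;;
        *)
            return 1 ;;
    esac

    # Every absolute-path argument must sit strictly below the bound and must
    # not climb out with "..". Option tokens (e.g. -r, --commit-after) are
    # skipped because they do not start with "/".
    saw_path=0
    for tok in $cmd; do
        case "$tok" in
            /*)
                saw_path=1
                case "$tok" in
                    */../*|*/..) return 1 ;;   # traversal out of the bound
                    "$bound"?*)  ;;            # literally prefixed by the bound
                    *)           return 1 ;;   # outside the bound
                esac ;;
        esac
    done
    # A btrfs command with no path argument is not something btrbk issues.
    [ "$saw_path" -eq 1 ]
}

# Constructed demonstration mirroring the rejected command from the issue:
# the snapshot is allowed under /mnt/btrfs, the delete only under the
# narrower /mnt/btrfs/btrbk_snapshots.
R=/mnt/btrfs
D=/mnt/btrfs/btrbk_snapshots
for c in \
    "sudo -n btrfs subvolume snapshot -r /mnt/btrfs/home /mnt/btrfs/btrbk_snapshots/home.20240101" \
    "sudo -n btrfs subvolume delete /mnt/btrfs/btrbk_snapshots/home.20240101" \
    "sudo -n btrfs subvolume delete /mnt/btrfs/home" \
    "sudo -n btrfs subvolume delete /mnt/btrfs/btrbk_snapshots/../home"
do
    if check_cmd "$R" "$D" "$c"; then echo "accept: $c"; else echo "reject: $c"; fi
done
```

The point the example makes is that the delete bound is applied to the path arguments of the delete verb specifically, so a compromised target can only remove subvolumes it was itself allowed to create under the snapshot directory, never the source subvolumes under /mnt/btrfs. The metacharacter and ".." checks are what keep the prefix comparison meaningful; without them a path bound on its own is easy to sidestep.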