security on Linux repository with multiple Veeam installs

[andyg]

Each customer has their own Veeam B&R install and they all use the same repository server, but each has their own directory for backups. Each Veeam install uses it's own SSH user.
We have a Linux Repository server with a directory for each Veeam server that connects to it.
e.g
/home/customer1
/home/customer2
/home/customer3

How can I stop one customer scanning/viewing the repository and seeing the other customer backups ?

Do I need to mess with the file//directory permissions, or use ACLs?

[tdewin]

We have a product called Veeam Cloud Connect, which allows service providers to set up a multi tenant environment and thus also safely share a repository.
https://www.veeam.com/cloud-connect.html

It's not a direct answer to your question, but just to make sure you have considered it before trying to rebuild what has already been made.

[PTide]

Hi,

You can create a dedicated linux account with admin pivileges for each customer so customers will be able to backup to their home directory they but won't be able to browse other customers' directories - just make sure that the repo is added to the console with customer's credentilas, not root.

Thank you.

[dellock6]

The best choice you can do is to use chroot.

[andyg]

Each customer does have their own Linux ssh account. The Veeam directories get set to 775 by default (via Veeam) - so the all users can view them (the 5).

@dellock6
Do you have an example chroot setup? - what binaries/directories need to be in the chroot for Veeam to work ?

[dellock6]

There is another thread discussing a bit chroot configurations:
veeam-backup-replication-f2/target-on-c ... 21314.html

Luca

[andyg]

There is another thread discussing a bit chroot configurations:
veeam-backup-replication-f2/target-on-c ... 21314.html

Luca

That forums post doesn't say they have a working chroot, do you have any steps or list of files that would need to be in the jail? (ssh, bash, perl?)