Definitely pull
You want your backup system to be isolated from the rest of the network.
this post was submitted on 20 Dec 2025
19 points (100.0% liked)
Linux
14449 readers
31 users here now
Welcome to c/linux!
Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!
Rules:
-
Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.
-
Be respectful: Treat fellow community members with respect and courtesy.
-
Quality over quantity: Share informative and thought-provoking content.
-
No spam or self-promotion: Avoid excessive self-promotion or spamming.
-
No NSFW adult content
-
Follow general lemmy guidelines.
founded 2 years ago
MODERATORS
The big difference between pull and push is which system has keys to access the other, and what an attacker could do with them. With your home network you might ultimately decide this isn't too important, but it's worth at least thinking about anyway.
In a push setup, each machine has some way (likely an SSH key) to authenticate to the NAS and push backup files to it. Each server has a different key to access a different path on the NAS, so if a server is compromised the attacker only gets access to that part of the NAS data, and if the NAS gets compromised, the attacker can't connect to anything but has access to the encrypted backups (you do encrypt the backups you care about, right?). This limits how much extra data the attacker can read, but has the downside you mentioned.
In a pull setup, the NAS has to have a way to connect to each server, typically as root for file access permissions. This means that if a server is compromised the attacker doesn't gain a way to access even a limited portion of the NAS, but if the NAS is compromised they gain access to keys to root access on every server, which is likely catastrophic.
A compromise solution can work. Have each server back up to a local file, then give the NAS permission to retrieve only that file, rather than root access. Whilst rsync isn't going to work for creating the single file backup, something like borg or restic would. This does mean you need more disk space on each server, but it also means that the server doesn't need direct access to the NAS, and the NAS only needs unpriviledged access to each server, mitigating the risk of a compromise.
Hey, so good points there thst I hadn't considered at the time, I was only think of data... good point about the SSH keys, which is exactly what I would've done.
So, yeah, local backups on each device (kinda a good idea anyway) and then restricted pull from the NAS... nice...
The one that’s offline more often manages the schedule.
In my case the NAS is on 24/7 so the other machines push backups whenever they’re on.
In your situation the NAS is on randomly, so the NAS pulling backups will most likely work better
Yes, that was my thoughts - or just have hourly backups where some will work, some won't...
Bit messy, but simple.
Depends, in your case pull works. There is no universal answer here.
True, I'm looking for the slap-the-forehead moments that others can save me from
I still backup my files the most basic way, that is, create an archive locally, connect external storage and copy it there. Then disconnect external storage. The archive is made onto a separate internal drive and I keep the most recent one there, so I don't even need the external one for minor accidents.
I think only once in the last decade or so have I wanted (but never needed) to pull something back from external, but it's nice to know it's there.
The main downside to this method is that it doesn't de-duplicate, so keeping several takes a lot more space that it would do otherwise.
I have an LXC that pulls files to it as backups using rsync, and pushes backups to a remote location using borg.
Neither pushing nor pulling has any effect on the integrity of the backup, so just do which makes your life easier. I'm doing both because managing all of my backups from a single location is just easier.
So you're effectively using the LXC as a just a backup traffic coordinator?
Or, is that on a NAS also keeping a local copy?
The LXC also has storage attached and houses backups, but it's not served in any accessible way. I just use SFTP if I need to pull some files. The off-site is for if I somehow destroy both my live copy and the backup copy.
With syncthing, it doesn't matter. It just happens when they are both online
This is exactly why syncthing is problematic as a backup solution.
If I delete a file on one host and syncthing is doing the default two way sync, the deletion is also replicated to the other machine.
They acknowledge this in their faq: https://docs.syncthing.net/users/faq.html#is-syncthing-my-ideal-backup-application
You can mitigate some of these issues with file versioning, or one way syncs, but ultimately it's just not really the tool for the job.
Okay so change the setting as you mentioned