Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

S3 backup remove DeleteObject permission

Discussion in 'Data Protection' started by solventweb1, Nov 8, 2018.

  1. solventweb1

    solventweb1 Registered

    Joined:
    Nov 8, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    I have S3 configured as an "Additional Destination" for my cPanel backups. However, in order for the bucket to validate, the bucket policy needs to contain the DeleteObject permission. I'd like to remove that permission so that no one can accidentally (or maliciously) delete backups from this bucket. If I do that, cPanel's retention rules obviously won't work. Other than that, will this cause any issues?
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @solventweb1

    There wouldn't be a way to allow the bucket to validate without the DeleteObject perms. In theory though, no one should have access to your bucket to make any modifications such as this.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. solventweb1

    solventweb1 Registered

    Joined:
    Nov 8, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    Thanks @cPanelLauren

    Yes, I got around that issue by removing the DeleteObject permission after I validated the destination. Everything seems to be working. But I didn't know if that would cause other issues.

    My concern is that someone with access to the server can also delete the backups. That's what I want to prevent.
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    You might want to confirm the transport is in fact working with that removed now, the only thing I would worry about is it does some validation of the destination before backups are sent over.

    I do understand this concern, pending you have adequate security measures in place this shouldn't ever occur though.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice