#75 closed task (duplicate)
Internet based backup and recovery of user files
| Reported by: | CarolineM | Owned by: | martin.langhoff |
|---|---|---|---|
| Priority: | major | Milestone: | Unspecified |
| Component: | Sugar on a Stick (SoaS) | Version: | Unspecified |
| Severity: | Blocker | Keywords: | |
| Cc: | martin.langhoff@… | Distribution/OS: | Unspecified |
| Bug Status: | New |
Description
Use Case:
For Sugar on a stick we need to back up user files to a hosted schoolserver and be able to recover them on a new stick.
It would also be able to mark a particular stick as lost and then turn off access to user files on that stick.
Change History (11)
comment:1 Changed 15 years ago by mungewell
comment:2 Changed 15 years ago by CarolineM
hmmm, you are certainly right. We are in no way protecting against anyone who wants to look at anything on someone elses stick if they have the stick.
Here is the use case I am imagining.
Student loses the stick and goes to the teacher. Teacher, the cat ate my stick. The teacher goes to a web page and reports it lost and makes a new stick for the student.
I think there is some value to having a stick that is reported lost, if someone trys to use it, have it say "I'm lost please return me to the office" and not let itself be used.
I think the big problem if we don't do that is that a week later they find the old Stick and start using it. They now have different journal files on 2 sticks. Very confusing potentially.
But I agree this is not a huge priority.
comment:3 Changed 15 years ago by mungewell
Following from an IRC conversation:
It appears that there is no 'introduction' process where a teacher can introduce a XO to a XS, this would be extremely useful for the requested features of this bug report.
If access can be limited to introduced XOs and the account/data store on the XS be limited to the the introduced XO then you can achieve most of what you want. Each XO user session contains a pub/private key pair (in /home/olpc/.sugar/default/owner.key), these could be used to identify/authenicate the XO to the XS.
If lost, the replacement XO could be introduced as the new machine for student 'Johnny' and the access to the XS from the old XO would automatically be revoked.
The use of pub/private key and challenge/response would prevent spoofing or replay attacks.
comment:4 Changed 15 years ago by bernie
- Bug Status set to Unconfimed
- Distribution/OS set to Unspecified
- Severity set to Blocker
Is this assigned to me by mistake?
Or would you like me to setup a schoolserver with enough disk space for the backups?
comment:5 Changed 15 years ago by FGrose
- Bug Status changed from Unconfimed to New
- Cc martin.langhoff@… added
- Distribution/OS changed from Unspecified to SoaS
- Type changed from defect to task
comment:6 Changed 15 years ago by CarolineM
Hi,
We are getting very close to having kids using SoaS it would be great if we could back up their files to an XS server and be able to recover in case their stick fails or is lost.
Does anyone know how far we are from being able to do this and what tasks need to happen to make it a reality?
comment:7 Changed 15 years ago by CarolineM
Hamilton of Solution Grove is working on this with Marin and others. Making decent progress towards registration, backup and restore of SoaS.
comment:8 Changed 15 years ago by bernie
- Owner changed from Bernie to martin.langhoff
- Status changed from new to assigned
Why was this bug assigned to me? It's probably Martin's business :)
comment:9 Changed 15 years ago by CarolineM
- Resolution set to duplicate
- Status changed from assigned to closed
Next step on this is Ticket 916.
I'm going to close this general one and we can work on more specific issues.
comment:10 Changed 14 years ago by sascha_silbe
- Distribution/OS changed from SoaS to Unspecified
Bulk change distribution=SoaS -> component=SoaS
comment:11 Changed 14 years ago by bernie
- Milestone set to Unspecified by Release Team
- Version set to Unspecified
The feature requested by this ticket is largely implemented by Dextrose's backup/restore functionality: http://wiki.sugarlabs.org/index.php?title=Features/Backup_and_Restore
Except for the "report lost" part, which belongs to the schoolserver.
I may be misunderstanding what you wrote; did you mean 'turn off access _for_ that stick' ie. de-auth a particular stick to prevent access to school server?
If not, please read on....
Turning off access to the user's files stored the on the USB stick is both difficult and subject to abuse/attack.
At present the files are stored as a datastore within whatever persistence file/partition the LiveCD/USB uses. Often this is simply an ext2/3 filesystem within a file, which is overlaid on the CD filesystem. A simple 'mount' command will mount this file to make the datastore accessible (even if the names of individual journal items are garbled).
If the LiveUSB is used on a PC without internet access there will be no method to trigger the 'lock files' action.
If the datastore is not 'shredded' the files would still be accessible using another OS to access the USB drive.
The only real way to protect the files is to use some form of encrypted filestore, but this would require user authentication on boot - probably something that a 5 year old could not handle.
Is the protection of the user data that important? I believe that the security features of the real XO are more as a deterent to theft/black market trade of the hardware itself.
Mungewell.