From 5319b341c2229bcd7b456a970ae008d7209d3e9a Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@boum.org>
Date: Fri, 17 Feb 2017 08:47:01 +0000
Subject: [PATCH] Import FAQ and link to it from README.md.

refs: #11262
---
 FAQ.md    | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 README.md |  5 +++++
 2 files changed, 54 insertions(+)
 create mode 100644 FAQ.md

diff --git a/FAQ.md b/FAQ.md
new file mode 100644
index 0000000..d51bf79
--- /dev/null
+++ b/FAQ.md
@@ -0,0 +1,49 @@
+What should I do when rdiff-backup fails?
+=========================================
+
+If rdiff-backup fails, the meta data file may get corrupt. When this
+happens, rdiff-backup will complain loudly every time it is run and
+possibly fail to backup some or all the files.
+
+To force rdiff-backup to rebuild the meta data, set this option in
+the `.rdiff` backup action file:
+
+        options = --force
+
+After a rdiff-backup run has been successful you should remove
+this option.
+
+How to restrict privileges on the backup server?
+================================================
+
+backupninja uses a "push" mechanism, where backups are sent from one
+or several hosts to a centralized backup server.
+
+Mount your backup partition with limited execution rights
+---------------------------------------------------------
+
+Edit `/etc/fstab` to mount your partition with limited rights. For example:
+
+        /home           ext3    defaults,nosuid,noexec,nodev      0       2
+
+Create a user for each client
+-----------------------------
+
+On the backup server, it is important to create a separate user for
+each client.
+
+Use a restricted shell and jail users
+-------------------------------------
+
+Furthermore, you may use a restricted shell like
+[rssh](http://www.pizzashack.org/rssh/index.shtml) or
+[scponly](http://sublimation.org/scponly/wiki/index.php/Main_Page),
+which also offer the ability to jail connections.
+
+On the backup server:
+
+        $ apt-get install scponly
+        $ adduser --disabled-password --home /home/backup/ninja-host1 --shell /usr/bin/scponly ninja-host1
+
+You may now use `ninja-host1` user to connect to the
+`/home/backup/ninja-host1` jail.
diff --git a/README.md b/README.md
index 646a9c6..e920cd3 100644
--- a/README.md
+++ b/README.md
@@ -278,3 +278,8 @@ strategy outlined above is the way to go because:
    have root on the production server;
 3. rdiff-backup is more space efficient and featureful than using
    rsync + hard links.
+
+FAQ
+===
+
+See the [FAQ](FAQ.md).
-- 
GitLab