Is it possible to configure rsync in server mode, to gain access to root-protected files, without the user having to log in as root through ssh? I'd prefer to log in as a regular user through ssh and access an rsync server on the host that's running as root. As far as I can tell, however, that's not possible... am I wrong?

You can use the --rsh="/path/to/command/here" argument in conjunction with a simple shell script wrapper that calls rsync using sudo.

Jim Salter
JRS Systems

Paul Galbraith wrote:
> Is it possible to configure rsync in server mode, to gain access to root
> protected files, without the user having to log in as root through ssh?
>
> I'd prefer to log in as a regular user through ssh and access an rsync
> server on the host that's running as root. As far as I can tell,
> however, that's not possible... am I wrong?

I'm not the command line guru, but it is my understanding that if you've got rsyncd running at boot time, any user can rsync over ssh to his or her home directories without requiring root access. I can't imagine a time when you'd need them to access other directories, except maybe /var/html and subs, but if you do, symbolic links and a few chmod's might be in order to accomplish this.

Hope to hear more from others on this to either confirm or rebuke my assertions.

Regards,
BC

Paul Galbraith wrote:
> Is it possible to configure rsync in server mode, to gain access to root
> protected files, without the user having to log in as root through ssh?
>
> I'd prefer to log in as a regular user through ssh and access an rsync
> server on the host that's running as root. As far as I can tell,
> however, that's not possible... am I wrong?

Yes.

You have to have a "uid = 0" in the rsyncd.conf file for that module, since only root can give away files, and also bypass all (except over NFS, etc.) file protections.

For (insert deity's name here)'s sake, don't use "/" for a path, and don't leave it un-chrooted, unless you're putting up a honeypot or something. You might want to password-protect that module, too, to inhibit casual unwanted file modification.

If you have this

++++++++++++++++++++++++++++++++++++++++++++
[modulename]
path = /
uid = 0
read only = no
++++++++++++++++++++++++++++++++++++++++++++

in your rsyncd.conf, you might as well also add "opendoor stream tcp nowait root /bin/sh sh" to your inetd.conf and "opendoor 666" to services. Maybe you could hide behind excludes, but I wouldn't count on it.

Tim Conway
Unix System Administration
Contractor - IBM Global Services
desk:3032734776
conway@us.ibm.com

Paul Galbraith <paul@paulgalbraith.net>
Sent by: rsync-bounces+conway=us.ibm.com@lists.samba.org
03/25/2004 10:00 AM
To: rsync@lists.samba.org
Subject: Root access over ssh?

Is it possible to configure rsync in server mode, to gain access to root-protected files, without the user having to log in as root through ssh?

I'd prefer to log in as a regular user through ssh and access an rsync server on the host that's running as root. As far as I can tell, however, that's not possible... am I wrong?
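
The warnings in the last reply (uid 0, path = /, no chroot, writable, no password) can be checked mechanically against an rsyncd.conf. The following is an added example, not code from the thread: the function names, the `[backup]` module and the sample text are constructed, and an absent `use chroot` or `read only` is assumed to default to yes.

```python
import re

FALSE = {"no", "false", "0"}  # rsyncd.conf spellings for a disabled boolean

def parse_rsyncd_conf(text):
    """Return {module: {param: value}}; names are normalised, globals inherited."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = modules.setdefault(header.group(1).strip(), dict(global_params))
            continue
        name, sep, value = line.partition("=")
        if sep:
            key = re.sub(r"\s+", "", name).lower()  # "Read Only" -> "readonly"
            (global_params if current is None else current)[key] = value.strip()
    return modules

def audit(text):
    """Map every module that runs as root to the risky settings it carries."""
    report = {}
    for module, p in parse_rsyncd_conf(text).items():
        if p.get("uid", "").lower() not in ("0", "root"):
            continue  # only modules running as root are in scope
        checks = [
            ("path is /", p.get("path") == "/"),
            ("use chroot disabled", p.get("usechroot", "yes").lower() in FALSE),
            ("writable", p.get("readonly", "yes").lower() in FALSE),
            ("no auth users", not p.get("authusers")),  # absent = anonymous access
        ]
        report[module] = [label for label, bad in checks if bad]
    return report

# Constructed sample: the module from the message above, a global line, a restricted module.
SAMPLE = """\
use chroot = no
[modulename]
path = /
uid=0
read only = no
[backup]
path = /srv/backup
uid = 0
use chroot = yes
auth users = backupuser
"""
```

Calling `audit(SAMPLE)` lists all four findings for `[modulename]` and none for `[backup]`, which overrides the global `use chroot = no` and keeps the read-only default.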