The obvious (and bad) idea is to use a suid rsync on the remote end.
Fortunately, rsync notices that, and refuses to act like root unless it
was invoked by a root-owned process. Hack it if you want.
If you're comfortable with this, write a wrapper on the remote that does a
sudo /usr/local/bin/rsync "$@"
and point to that wrapper with the --rsync-path= option. I think the
password prompt will come through stderr so you can respond to it - test
it for yourself. I doubt you want to leave a passwordless sudo open, but
that may be the only way.
The safest (in my opinion) alternative that permits unattended operation
is to expose the stuff you want to back up via a rsyncd, read-only,
chrooted, password-protected, non-listed root-uided module.
If you have confidential information that will be exposed through this
module, and your company's policy doesn't permit telnet (sniffable
passwords and uids), you probably don't want to do this. Next is the same,
but add hosts allow = localhost, and get it through an ssh tunnel. That'll
hide the rsync authentication, AND your data.
Regardless, don't make the uid:password combo for the module
"root:rootspassword". It'll be root access, but highly limited - no point
in letting that little hole be a big one.
Tim Conway
Unix System Administration
Contractor - IBM Global Services
conway@us.ibm.com
CLIFFORD ILKAY <clifford_ilkay@dinamis.com>
Sent by: rsync-bounces+conway=us.ibm.com@lists.samba.org
03/17/2004 01:09 AM
To: rsync@lists.samba.org
cc:
Subject: Backing Up Files I Don't Own
Hi,
I need to back up all of /home on a remote server for which I have root
access but cannot (and will not) do root logins via ssh. Of course if I
attempt to rsync files that I don't own, rsync skips over them. My account
is allowed to sudo, if that helps. How can I use rsync to do the
following:
rsync -av --compress --progress --delete -e ssh me@SomeRemoteServer:/home /home/buForSomeRemoteServer
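
Added example, not part of the original messages: a small Python check that an rsyncd.conf module has the properties listed in the reply (read-only, chrooted, password-protected, unlisted, uid root, a module user other than root, and hosts allow limited to localhost for the ssh-tunnel variant). The module name bk, the user backup and the secrets path are placeholders, and an unset parameter is treated as a finding rather than relying on rsync's defaults.

```python
# Added example, not from the thread: audits an rsyncd.conf module against the reply's list.
import re

TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# Constructed sample configs; module name, user and paths are placeholders.
HARDENED = ("[bk]\npath = /home\nread only = yes\nuse chroot = yes\nlist = no\nuid = root\n"
            "auth users = backup\nsecrets file = /etc/rsyncd.secrets\nhosts allow = localhost\n")
WEAK = "[bk]\npath = /home\nuid = root\nauth users = root\nsecrets file = /etc/rsyncd.secrets\n"

def parse_rsyncd_conf(text):
    """Return {module: {param: value}}; lines before any [module] go under 'GLOBAL'."""
    modules, current = {"GLOBAL": {}}, "GLOBAL"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
            modules.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            # Normalise the name so "Read Only" and "read  only" compare equal.
            modules[current][" ".join(key.lower().split())] = value.strip()
    return modules

def audit_module(modules, name):
    """List how module `name` falls short; an unset parameter counts as a finding."""
    conf = {**modules["GLOBAL"], **modules.get(name, {})}
    findings = []
    def want(param, allowed, why):
        if conf.get(param, "").lower() not in allowed:
            findings.append(f"{param}: {why}")
    want("read only", TRUE, "module must be read-only")
    want("use chroot", TRUE, "module must be chrooted")
    want("list", FALSE, "module must not be listed")
    want("uid", {"root", "0"}, "needs uid root to read files it does not own")
    users = [u.split(":")[0] for u in re.split(r"[,\s]+", conf.get("auth users", "")) if u]
    if not users or not conf.get("secrets file"):
        findings.append("auth users: module must be password-protected")
    if "root" in users:
        findings.append("auth users: do not reuse the root login for the module")
    hosts = set(re.split(r"[,\s]+", conf.get("hosts allow", "").lower())) - {""}
    if not hosts or hosts - LOOPBACK:
        findings.append("hosts allow: limit to localhost and connect through an ssh tunnel")
    return findings

if __name__ == "__main__":
    print(audit_module(parse_rsyncd_conf(WEAK), "bk"))
```

The check only sees the module user's name; whether its password differs from root's has to be confirmed separately in the secrets file.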