rsync - Oct 2018 - Security issues when rsyncing directories as root

Hi,

I am using rsync to keep two directores on two servers in sync. Machine
A, the "client" is the one where the rsync process is invoked, which
then logs into Machine B, the "server" as root with ssh and a key. The
key is restricted in /root/.ssh/authorized_keys to a script that checks
wither $SSH_ORIGINAL_COMMAND matches the rsync --server command that I
expect, such as, for example,
rsync --server -re.iLsfxC --delete . /etc/dhcp/synced/

Unfortunately, this is rather restrictive and unflexible.

Things would be easier if rsync would have an option like
--restrict-write, making rsync not write anywhere outside the path given
there. That way, my script would be easier an I would only need to check
server-wise whether the command line being called contains the
--restrict-write option with the correct directory.

Would that make sense? Or am I more in the market for an rsync daemon
with the "path" and "write only" options set? If so, would I
need to
have an rsync daemon _running_ on the remote side if I use the rsync
--rsh=ssh /path/to/local/dir host::module syntax?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im
Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

Use rrsync.  It comes with rsync (some silly Linux distros install it as
documentation instead of a helper script so you have to decompress it
and chmod +x it).  It is a perl script with all the documentation in the
comments.

Yes, it can be done with rsyncd as you described.  The rsyncd.conf file
would be in /root.  But rrsync is easier.

On 10/18/2018 10:31 AM, Marc Haber via rsync wrote:
> Hi,
> 
> I am using rsync to keep two directores on two servers in sync. Machine
> A, the "client" is the one where the rsync process is invoked,
which
> then logs into Machine B, the "server" as root with ssh and a
key. The
> key is restricted in /root/.ssh/authorized_keys to a script that checks
> wither $SSH_ORIGINAL_COMMAND matches the rsync --server command that I
> expect, such as, for example,
> rsync --server -re.iLsfxC --delete . /etc/dhcp/synced/
> 
> Unfortunately, this is rather restrictive and unflexible.
> 
> Things would be easier if rsync would have an option like
> --restrict-write, making rsync not write anywhere outside the path given
> there. That way, my script would be easier an I would only need to check
> server-wise whether the command line being called contains the
> --restrict-write option with the correct directory.
> 
> Would that make sense? Or am I more in the market for an rsync daemon
> with the "path" and "write only" options set? If so,
would I need to
> have an rsync daemon _running_ on the remote side if I use the rsync
> --rsh=ssh /path/to/local/dir host::module syntax?
> 
> Greetings
> Marc
> 
-- 
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,
	Kevin Korb			Phone:    (407) 252-6853
	Systems Administrator		Internet:
	FutureQuest, Inc.		Kevin at FutureQuest.net  (work)
	Orlando, Florida		kmk at sanitarium.net (personal)
	Web page:			https://sanitarium.net/
	PGP public key available on web site.
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.samba.org/pipermail/rsync/attachments/20181018/aee470cc/signature.sig>