Andy Smith via rsync <rsync at lists.samba.org> wrote:> Hi Chris, > > On Tue, Aug 03, 2021 at 11:48:31AM +0100, Chris Green via rsync wrote: > > If I used the --super option (in a command like the one above) and > > chris can run rsync as root on the remote end (via options in the > > sudoers file) will this do what I want? I guess I can go away and try > > it! :-) > > You don't need --super if the remote side actually is running as > root (either because you logged in as "root" or you logged in as > "chris" but told it to execute "sudo rsync"). >Remember, as I said, this is all Debianland with no real root login, while I could add one I'd prefer not to.> If you're going to use sudo then you'll want to set it NOPASSWD so > it doesn't ask for a sudo password. Possibly restricting that only > to uses of rsync or a specific script, otherwise it is giving > "chris" blanket sudo access without a password. >Yes, I've set it up so chris can run rsync with root permissions. However I'm not quite sure how to get it to work as one needs to say "sudo rsync" to get the root privilege. How do you do that? -- Chris Green ?
Hello, On Tue, Aug 03, 2021 at 03:05:27PM +0100, Chris Green via rsync wrote:> Remember, as I said, this is all Debianland with no real root login, > while I could add one I'd prefer not to.Your system already has a root user and if you added an SSH public key to its authorized_keys file (and allowed root login by public key only in sshd_config) then SSH login would work. The only form of login you would have added is "by this specific ssh key". The account could still remain password locked as it is now. It is difficult for me to see why such a setup would be inherently more secure than one where a regular user account can do absolutely anything (i.e. run rsync as root without password prompt), especially given that a regular user account is likely to run a lot of other software some of which may have bugs. But we all choose our security stance.> I've set it up so chris can run rsync with root permissions. > However I'm not quite sure how to get it to work as one needs to say > "sudo rsync" to get the root privilege. How do you do that?The first link I sent you had an example of that: --rsync-path="sudo rsync" Cheers, Andy