Dr. Mark Asbach
2022-Mar-12 20:22 UTC
Trying to elevate rsync privileges when connecting over ssh without using NOPASSWD in sudoers
Hi there, hi past me,

> My (non-working) attempt:
> […]
> So it seems the "-l" is dropped into the void letting ssh assume USER was the target host? I don't actually get what I can do.

Turns out, I have to write down the description of my issue and then send the email before I magically understand the solution ;-)

Here's a working example that does not need a wrapper script:

    PASSWORD=<SUDOPASS> rsync -vv --delete-after --delay-updates \
        -e '/bin/sh -c "{ echo $PASSWORD; cat - ; } | ssh -i ~/.ssh/id.key $0 $* &"' \
        --rsync-path='sudo -S rsync' ./SRCDIR USER@HOST:DSTDIR

The trick was actually to add "$0" because $* will drop the first argument from the list as this typically is the name of the script itself (duh!).

Hope this is of help to anyone,
Mark
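Added example, not part of the original message: a stand-alone look at why "$0" matters when the -e command is `/bin/sh -c "..."`. It assumes rsync appends `-l USER HOST <remote command>` to the -e words; `run_wrapper` and the sample words are constructed, and the last variant goes one step further than the message by showing the quoted `"$0" "$@"` form.

```sh
#!/bin/sh
# Added illustration. Assumption: rsync appends "-l USER HOST <remote command>"
# to the words of the -e command, so with -e '/bin/sh -c "..."' those words
# become $0, $1, $2, ... of the inner shell.

# Hypothetical helper: run BODY under "sh -c" with constructed sample words
# standing in for what rsync would append. The last word contains a space.
run_wrapper() {
    /bin/sh -c "$1" -l USER HOST rsync --server 'DST DIR'
}

# Each body prints the words the ssh stand-in would receive, in brackets.
# $* alone: "-l" has become $0 and is lost, so USER looks like the host.
without_dollar0() { run_wrapper 'printf "[%s]" $*; echo'; }

# $0 $*: "-l" is back in front of USER, as in the command above.
with_dollar0() { run_wrapper 'printf "[%s]" $0 $*; echo'; }

# "$0" "$@": same words, and a word containing a space is not split locally.
quoted_form() { run_wrapper 'printf "[%s]" "$0" "$@"; echo'; }

without_dollar0
with_dollar0
quoted_form
```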
Dan Stromberg
2022-Mar-12 22:14 UTC
Trying to elevate rsync privileges when connecting over ssh without using NOPASSWD in sudoers
On Sat, Mar 12, 2022 at 12:23 PM Dr. Mark Asbach via rsync <rsync at lists.samba.org> wrote:

> Hi there, hi past me,
>
> > My (non-working) attempt:
> > […]
> > So it seems the "-l" is dropped into the void letting ssh assume USER was the target host? I don't actually get what I can do.
>
> Turns out, I have to write down the description of my issue and then send the email before I magically understand the solution ;-)
>
> Here's a working example that does not need a wrapper script:
>
>     PASSWORD=<SUDOPASS> rsync -vv --delete-after --delay-updates \
>         -e '/bin/sh -c "{ echo $PASSWORD; cat - ; } | ssh -i ~/.ssh/id.key $0 $* &"' \
>         --rsync-path='sudo -S rsync' ./SRCDIR USER@HOST:DSTDIR
>
> The trick was actually to add "$0" because $* will drop the first argument from the list as this typically is the name of the script itself (duh!).
>
> Hope this is of help to anyone,

Cool, glad you found a solution you're happy with.

Bear in mind, putting a password in an environment variable can be seen by other users on the same system with "ps auxwwe".