getting rid of "permission denied" partial transfer errors

Tom Allen tallen at 10east.com
Wed Dec 24 03:30:55 EST 2003


> Ah, I see.  Sounds like you're down to either running as root on both 
> ends, or ignoring errors.
>
> Have you considered using sudo such that the fileserver isn't actually 
> logging into the backupserver as root, but only logging in as a 
> heavily *un*privileged account which can do nothing but run a script 
> chmodded 750 and chowned root.backup, which then sudo's rsync to do 
> your bidding?
>
>
Or he could use SSH2 keys and an authorized_keys2 file, with ssh set to 
allow root on forced-command-only.  This would prevent root logins, but 
allow a single box (or boxes) to rsync in and have read-only access to a 
specific share.  Or you could create a passwordless uid 0 user 
specifically for this purpose.  If you were really paranoid, the 
forced-command could be a script to check for abnormal behaviors and 
bail out if something is fishy.  There are multiple layers of 
authentication (the key itself, the from-host of ssh, and the allowed 
host in rsync), and exactly what is backed up can be pretty locked down 
and chrooted to prevent intentional or unintentional misuse.

Tom
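
One way to write the checking forced-command script described in the message above, as an added example that is not part of the original post. The host name, script path, ALLOWED_PATH, RSYNC_BIN and the function name rsync_gate_allowed are assumptions, and it accepts only the plain six-word command an rsync client sends when pulling a single path:

```shell
#!/bin/sh
# Added example: forced-command gate for a pull-only rsync key.
# Assumed authorized_keys entry (host, script path and key are placeholders):
#   from="backup.example.com",command="/usr/local/sbin/rsync-gate",no-pty,
#   no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <KEY>
#   (one line in the real file)
# Assumed sshd_config setting: PermitRootLogin forced-commands-only

ALLOWED_PATH="/srv/share/"   # assumption: the only tree this key may read
RSYNC_BIN="/usr/bin/rsync"   # assumption: adjust to the local install

# Succeeds only for: rsync --server --sender -<flags> . $ALLOWED_PATH
rsync_gate_allowed() {
    set -f                   # no globbing while splitting into words
    set -- $1
    set +f
    [ "$#" -eq 6 ] || return 1
    for w in "$@"; do        # plain words only: no quotes, ;, |, $, ` ...
        case $w in *[!A-Za-z0-9./_-]*) return 1 ;; esac
    done
    [ "$1" = "rsync" ]    || return 1
    [ "$2" = "--server" ] || return 1
    [ "$3" = "--sender" ] || return 1   # sender: this side is only read
    flags=${4#-}                        # bundled short options from the client
    [ "$flags" != "$4" ]  || return 1
    case $flags in ''|*[!A-Za-z.]*) return 1 ;; esac
    [ "$5" = "." ]             || return 1
    [ "$6" = "$ALLOWED_PATH" ] || return 1
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_gate_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f; set -- $SSH_ORIGINAL_COMMAND; set +f
        shift                           # drop the client-supplied "rsync"
        exec "$RSYNC_BIN" "$@"          # validated words, no eval or sh -c
    fi
    logger -p auth.warning -t rsync-gate "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

A session that requests no command (an interactive login attempt) leaves SSH_ORIGINAL_COMMAND unset, so the script falls through and the connection closes without a shell.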




