getting rid of "permission denied" partial transfer errors
Tom Allen
tallen at 10east.com
Wed Dec 24 03:30:55 EST 2003
> Ah, I see. Sounds like you're down to either running as root on both
> ends, or ignoring errors.
>
> Have you considered using sudo such that the fileserver isn't actually
> logging into the backupserver as root, but only logging in as a
> heavily *un*privileged account which can do nothing but run a script
> chmodded 750 and chowned root.backup, which then sudo's rsync to do
> your bidding?
>
>
Or he could use SSH2 keys and an authorized_keys2 file, with ssh set to
allow root on forced-command-only. This would prevent root logins, but
allow a single box (or boxes) to rsync in and have read-only access to a
specific share. Or you could create a passwordless uid 0 user
specifically for this purpose. If you were really paranoid, the
forced-command could be a script to check for abnormal behaviors and
bail out if something is fishy. There's multiple layers of
authentication (the key itself, the from-host of ssh, and the allowed
host in rsync), and exactly what is backed up can be pretty locked down
and chrooted to prevent intentional or unintentional misuse.
Tom
More information about the rsync
mailing list