getting rid of "permission denied" partial transfer errors

Sayan Sebastien.Li-thiao-te at crans.org
Mon Jan 5 16:26:15 GMT 2004


Jim Salter wrote:
>> yeah, except that the directory is not 700 but 600, so even user backup
>> cannot traverse it... but root can.
> 
> Have you considered using sudo such that the fileserver isn't actually 
> logging into the backupserver as root, but only logging in as a heavily 
> *un*privileged account which can do nothing but run a script chmodded 
> 750 and chowned root.backup, which then sudo's rsync to do your bidding?
> 
Sorry for the late reply.
I have been thinking about this, but I can't figure out how to use sudo 
effectively. You are suggesting to use sudo to run the script. However, 
my concern is that to run rsync inside the script, root privileges must 
be granted to some user (remember the ssh shell), so that triggering 
synchronization is possible, but the script needs rights to log in as root 
at the other end.

> When I use an SSH transport, that's how I use it.  My servers won't 
> allow remote root login to begin with (and that's the way I like it), 
> and by doing it that way there's really nothing that compromising the 
> backup account can do other than give someone the ability to run my 
> daily backups for me.  Not too scary, that.
> 
Does the backup script have read access to the files? Mine doesn't, as 
stated above, and that's where everything screws up. :-(

By the way, can a user be granted read access to everything without any 
other right? I have chosen to ignore the errors, but I am still curious.

-- 
Sayan
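
Added example, not part of the original message or thread: one way to set up the arrangement Jim Salter describes, where the unprivileged account can only start a root-owned script and sudo grants root for a single fixed rsync command. The account name `backup`, the paths, the `backup` request keyword and the use of an SSH forced command are assumptions.

```shell
#!/bin/sh
# Added example; paths, account name and the "backup" keyword are assumptions.
# Install as /usr/local/sbin/run-backup, chown root:backup, chmod 750.
#
# Assumed sudoers rule (edit with visudo). Listing the full argument list
# means sudo refuses any other rsync invocation by this account:
#   backup ALL=(root) NOPASSWD: /usr/bin/rsync -a --numeric-ids /srv/data/ /backup/data/
#
# Assumed ~backup/.ssh/authorized_keys entry, so the key can only start this script:
#   command="/usr/local/sbin/run-backup",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <public key>

# The one command that is ever run as root; it must match the sudoers rule exactly.
rsync_argv() {
    echo "/usr/bin/rsync -a --numeric-ids /srv/data/ /backup/data/"
}

# sshd puts whatever the client asked for in SSH_ORIGINAL_COMMAND.
# Accept only "no command" or the literal word "backup"; nothing the
# client sends is ever passed on to rsync or to a shell.
request_allowed() {
    case "$1" in
        ""|backup) return 0 ;;
        *) return 1 ;;
    esac
}

main() {
    if ! request_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
        echo "run-backup: request refused" >&2
        exit 1
    fi
    # -n: fail instead of prompting if the sudoers rule does not match.
    # Unquoted on purpose: no argument in the fixed string contains spaces.
    exec sudo -n $(rsync_argv)
}

# Run only when invoked under its installed name, so the functions can be
# sourced and tested without starting a backup.
case "$0" in
    */run-backup) main ;;
esac
```

With this layout rsync itself reads the protected files as root, while the account that logs in holds no read access and no general root access.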

