Backing Up Files I Don't Own

Tim Conway conway at
Wed Mar 17 16:05:28 GMT 2004

The obvious (and bad) idea is to use a suid rsync on the remote end. 
Fortunately, rsync notices that, and refuses to act like root unless it 
was invoked by a root-owned process.  Hack it if you want.

If you're comfortable with this, write a wrapper on the remote that does a 

sudo /usr/local/bin/rsync $@
and point to that wrapper with the --rsync-path= option.  I think the 
password prompt will come through stderr so you can respond to it - test 
it for yourself.  I doubt you want to leave a passwordless sudo open, but 
that may be the only way.

The safest (in my opinion) alternative that permits unattended operation 
is to expose the stuff you want to back up via a rsyncd, read-only, 
chrooted, password-protected, non-listed root-uided module.
If you have confidential information that will be exposed through this 
module, and your company's policy doesn't permit telnet, (sniffable 
passwords and uids), you probably don't want to do this.  Next is same, 
but add hosts allow = localhost, and get it through an ssh tunnel. That'll 
hide the rsync authentication, AND your data.
Regardless, don't make the uid:password combo for the module 
"root:rootspassword".  It'll be root access, but highly limited - no point 
in letting that little hole be a big one.

Tim Conway
Unix System Administration
Contractor - IBM Global Services
conway at

CLIFFORD ILKAY <clifford_ilkay at> 
Sent by: at
03/17/2004 01:09 AM

rsync at

Backing Up Files I Don't Own


I need to back up all of /home on a remote server for which I have root 
access but cannot (and will not) do root logins via ssh. Of course if I 
attempt to rsync files that I don't own, rsync skips over them. My account 

is allowed to sudo, if that helps. How can I use rsync to do the 

rsync -av --compress --progress --delete -e me at SomeRemoteServer:/home 

More information about the rsync mailing list