Backing Up Files I Don't Own

Tim Conway conway at us.ibm.com
Wed Mar 17 16:05:28 GMT 2004


The obvious (and bad) idea is to use a suid rsync on the remote end. 
Fortunately, rsync notices that, and refuses to act like root unless it 
was invoked by a root-owned process.  Hack it if you want.

If you're comfortable with this, write a wrapper on the remote that does a 

    sudo /usr/local/bin/rsync "$@"

and point to that wrapper with the --rsync-path= option.  I think the 
password prompt will come through stderr so you can respond to it - test 
it for yourself.  I doubt you want to leave a passwordless sudo open, but 
that may be the only way.

The safest (in my opinion) alternative that permits unattended operation 
is to expose the stuff you want to back up via an rsyncd, read-only, 
chrooted, password-protected, non-listed root-uided module.
If you have confidential information that will be exposed through this 
module, and your company's policy doesn't permit telnet (sniffable 
passwords and uids), you probably don't want to do this.  Next is the same, 
but add hosts allow = localhost, and get it through an ssh tunnel. That'll 
hide the rsync authentication, AND your data.
Regardless, don't make the uid:password combo for the module 
"root:rootspassword".  It'll be root access, but highly limited - no point 
in letting that little hole be a big one.

Tim Conway
Unix System Administration
Contractor - IBM Global Services
conway at us.ibm.com
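
The rsyncd module described in the reply above, as an added example that is not part of the original post: a script that writes the module configuration and audits a config against the properties listed there. The module name homebk, auth user bkuser and tunnel port 8873 are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: module "homebk", auth user "bkuser",
# local tunnel port 8873. $1 is the config directory (/etc on a real host).

write_module() {    # $1 = config dir, $2 = auth user, $3 = module password
    # Per the post: the module login must not be root's own name and password.
    [ "$2" != root ] || { echo "auth user must not be root" >&2; return 1; }
    # rsync's default "strict modes" rejects a secrets file others can read.
    ( umask 077; printf '%s:%s\n' "$2" "$3" > "$1/rsyncd.secrets" ) || return 1
    cat > "$1/rsyncd.conf" <<EOF
# Daemon listens on loopback only; reachable solely through the ssh tunnel.
address = 127.0.0.1

[homebk]
    path = /home
    uid = 0
    gid = 0
    read only = yes
    use chroot = yes
    list = no
    auth users = $2
    secrets file = $1/rsyncd.secrets
    hosts allow = localhost
EOF
}

audit_module() {    # $1 = rsyncd.conf holding one module; returns 1 on any gap
    conf=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
               -e 's/[[:space:]]*=[[:space:]]*/=/' "$1")
    rc=0
    for want in 'read only=yes' 'use chroot=yes' 'list=no' \
                'hosts allow=localhost'; do
        printf '%s\n' "$conf" | grep -Fxq "$want" || { echo "missing: $want"; rc=1; }
    done
    printf '%s\n' "$conf" | grep -q '^secrets file=.' || { echo "missing: secrets file"; rc=1; }
    users=$(printf '%s\n' "$conf" | sed -n 's/^auth users=//p' | tr ',' ' ')
    case " $users " in
        "  "|*" root "*) echo "auth users empty or includes root"; rc=1 ;;
    esac
    return "$rc"
}

# On the backup host, with rsync --daemon running on the server:
#   ssh -f -N -L 8873:127.0.0.1:873 me@SomeRemoteServer
#   rsync -av --delete --password-file="$HOME/.homebk.pw" \
#       rsync://bkuser@localhost:8873/homebk/ /home/buForSomeRemoteServer/
```

The audit expects the literal spellings written by write_module (yes/no, localhost) and one module per file.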




CLIFFORD ILKAY <clifford_ilkay at dinamis.com> 
Sent by: rsync-bounces+conway=us.ibm.com at lists.samba.org
03/17/2004 01:09 AM

To: rsync at lists.samba.org
cc:
Subject: Backing Up Files I Don't Own

Hi,

I need to back up all of /home on a remote server for which I have root 
access but cannot (and will not) do root logins via ssh. Of course if I 
attempt to rsync files that I don't own, rsync skips over them. My account 
is allowed to sudo, if that helps. How can I use rsync to do the 
following:

rsync -av --compress --progress --delete -e ssh me@SomeRemoteServer:/home \
    /home/buForSomeRemoteServer




