Root access over ssh?
Paul Galbraith
paul at paulgalbraith.net
Fri Mar 26 19:30:48 GMT 2004
Tim Conway wrote:
>
> You have to have a "uid = 0" in the rsyncd.conf file for that module,
> since only root can give away files, and also bypass all (except over NFS,
> etc.) file protections.
>
> For (insert deity's name here)'s sake, don't use "/" for a path, and don't
> leave it un-chrooted, unless you're putting up a honeypot or something.
>
> You might want to password-protect that module, too, to inhibit casual
> unwanted file modification.
I know it sounds sick. I've got a remote box that I want to back up
/etc, /var, and /home. I wanted to use rsync to do this because my
current method (tar, encrypt with openssl and leave on the ftp server)
is taking too long over the remote connection.

I was trying to run rsync as a server on the remote box, but with port
873 blocked by a packet filter, so that ssh was the only way to get
remote access to rsync. I DO have a root module, protected by an rsync
secret, but I share your discomfort...I just can't think of a better
solution.

At any rate, when I try to run rsync from my workstation across the
'net, rsync complains that it can't find rsyncd.conf (which is in /etc).
My impression is that when run as a server over a remote ssh
connection, rsync is being started up as a process under the ssh user's
account, instead of connecting to the root rsync server that I've got
running out of inetd. Am I missing something?
> you might as well also add "opendoor stream tcp nowait root
> /bin/sh sh" to your inetd.conf and "opendoor 666" to services.
Hmmm, thanks for the advice, I tried this, but my rsync still isn't working.
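
Added example, not part of the original message and not rsync's own code: a small Python check that reads an rsyncd.conf and flags modules running as root that have the three problems named in the quoted advice (a path of "/", no chroot, no "auth users"). The sample config, its module names and the finding strings are constructed for illustration, and the check assumes "use chroot" is on when the parameter is absent.

```python
# Constructed sample: one root module with every problem, one with them addressed.
SAMPLE = """\
secrets file = /etc/rsyncd.secrets
[everything]
    path = /
    uid = 0
    use chroot = no
[home]
    path = /home
    uid = 0
    use chroot = yes
    auth users = backup
"""

def parse(text):
    """Return {module: params}; global parameters act as module defaults."""
    defaults, modules, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            # New module section: start from a copy of the globals seen so far.
            current = modules.setdefault(line[1:-1].strip(), dict(defaults))
            continue
        key, _, value = line.partition("=")
        target = defaults if current is None else current
        # Normalise "Use  Chroot" style spellings to "use chroot".
        target[" ".join(key.lower().split())] = value.strip()
    return modules

def audit(text):
    """Return {module: [findings]} for every module that runs as root."""
    report = {}
    for name, p in parse(text).items():
        if p.get("uid") not in ("0", "root"):
            continue
        findings = []
        if p.get("path") == "/":
            findings.append("path is /")
        # Assumption: chroot is on unless the config turns it off.
        if p.get("use chroot", "yes").lower() in ("no", "false", "0"):
            findings.append("not chrooted")
        if not p.get("auth users"):
            findings.append("no auth users")
        report[name] = findings
    return report

if __name__ == "__main__":
    for module, findings in audit(SAMPLE).items():
        print(module, "->", ", ".join(findings) or "ok")
```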