Root access over ssh?

Paul Galbraith paul at
Fri Mar 26 19:30:48 GMT 2004

Tim Conway wrote:
> You have to have a "uid = 0" in the rsyncd.conf file for that module, 
> since only root can give away files, and also bypass all (except over NFS, 
> etc.) file protections.
> For (insert diety's name here)'s sake, don't use "/" for a path, and don't 
> leave it un-chrooted, unless you're putting up a honeypot or something.
> You might want to password-protect that module, too, to inhibit casual 
> unwanted file modification.

I know it sounds sick.  I've got a remote box that I want to back up 
/etc, /var, and /home.  I wanted to use rsync to do this because my 
current method (tar, encrypt with openssl and leave on the ftp server) 
is taking too long over the remote connection.

I was trying to run rsync as a server on the remote box, but with port 
873 blocked by a packet filter, so that ssh was the only way to get 
remote access to rsync.  I DO have a root module, protected by an rsync 
secret, but I share your discomfort...I just can't think of a better 

At any rate, when I try to run rsync from my workstation across the 
'net, rsync complains that it can't find rsyncd.conf (which is in /etc). 
  My impression is that when run as a server over a remote ssh 
connection, rsync is being started up as a process under the ssh user's 
account, instead of connecting to the root rsync server that I've got 
running out of inetd.  Am I missing something?

> you might as well also add "opendoor    stream  tcp     nowait  root 
> /bin/sh sh" to your inetd.conf and "opendoor    666" to services.

Hmmm, thanks for the advice, I tried this, but my rsync still isn't working.

More information about the rsync mailing list