Client-initiated backup and file ownership

[Andrew Gideon]

This is less a question about rsync and more about how rsync can be used as
a backup solution in a particular case.  If one of the tools built over
rsync for this purpose solves this, I'm eager to hear how.  Otherwise,
suggestions are welcome.

Server-initiated backups are easy.  The rsync process can run as root on the
backup server, and so it can set the stored files' ownerships as desired. 
Of course, there are other advantages to server-initiated backup, but the
file ownership issue is relevant to my question.

As nice as server-initiated backup is, there are certain cases where it
doesn't work.  A fine example of this is my laptop.  As a mobile machine,
at any given time it might be connected or disconnected.  More, when
connected it has an arbitrary and unpredictable IP.  Finally, it is often
behind some type of "NAT" solution.

At first blush, it seems that these conditions preclude server-initiated
backup.  That leaves client-initiated.

However, as a mobile machine it is vulnerable.  Therefore, one thing it
absolutely cannot have is root access to the backup server (ignoring the
question of whether SSH as root into the backup server is even permitted in
any case).  So when the laptop runs rsync it copies the data to a non-root
login on the backup server.

That use of a non-root login has an important implication: all files written
are owned by that non-root login.  For "home directory" type of data, this
is fine.  But I'd like to be able to backup application/system directories
(ie. /usr, /opt, etc.).  Ideally, this is done with file ownership
preserved.

And client-initiated backup doesn't permit this (w/o permitting remote root
access, which is just Not Happening).

So is there a way around this?  I was thinking about having the client run a
program on the backup server which causes the usual server-initiated backup
to occur.  But how would this work if the laptop is behind a NAT device?

 - Andrew