Secure Remote Backups (using SSH) - Using a backup user account

Michael Haertjens mhaertjens at
Mon Mar 21 22:23:28 GMT 2005

Hello David,

Though the information here is on a BSD web site, it should apply equally to 
any OS.

And if you do end up needing a root login for some reason, look into the 
"forced-commands-only" alternative for PermitRootLogin 
in /etc/ssh/sshd_config (assuming you would have it set to No otherwise).  If 
you go that route, you will want to run a script like the following to make 
sure that the only commands the root login will accept are to run rsync:

      echo "Rejected"
      echo "Rejected"
   rsync\ --server*)
      echo "Rejected"

The O'Reilly book on SSH discusses this in some detail.

Good luck

Mike Haertjens

On Monday 21 March 2005 04:13 pm, David Nicholls wrote:
> Hi There.
> I am very sorry for the complete noob question :)
> I was looking at the basic remote rsync backup article at:
> I am backing up various servers, both locally and remotely. I am only
> interested in backing up /home and /var/log. I can do almost everything
> as a user backup, with the other users being members of group backup
> with read permissions on all the relevant files needed to back up.
> However, I also need to back up an email server which uses MailDir. The
> default permissions of which are dwrx------, so cannot be placed into
> the backup group.
> I don't want to 'auto' ssh using the root account, for obvious reasons,
> I also do not think it a good idea to change the default permissions on
> the MailDir directories!
> I just wondered if some kind soul would give me a pointer! Obviously I
> need to make the solution as secure as possible and I'm sure there is
> some stupidly obvious solution, but for once google isn't helping! :)
> As a possible answer to my own question, if I do not run rsync as a
> daemon, when I invoke the rsync command, does it read settings from
> rsyncd.conf? If so I can ssh using the backup user and run rsync as root?
> Thanks
> Dave
> Version: GnuPG v1.2.5 (GNU/Linux)
> iD8DBQFCPzkC62r58u1gKlkRAiV9AKCPKYobw+4DARy4qHp95sdQscG/gQCeJBPn
> 1Re2gOEeQvoL1mLTnV6eBhM=
> =9Hvq
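
A complete forced-command wrapper of the kind the reply above describes, given here as an added example that is not the script from the original post or from the O'Reilly book. The install path, the names NL and check_cmd, and the exact list of rejected characters are assumptions.

```shell
#!/bin/sh
# Added example, not the script from the original post.
# Assumed install path: /usr/local/sbin/validate-rsync (hypothetical).
#
# /etc/ssh/sshd_config:
#   PermitRootLogin forced-commands-only
# ~root/.ssh/authorized_keys (one line; key is a placeholder):
#   command="/usr/local/sbin/validate-rsync",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <public-key>
#
# sshd runs this script in place of whatever the client asked for and
# passes the client's request in SSH_ORIGINAL_COMMAND.

NL='
'

# check_cmd STRING: return 0 if STRING may be executed, 1 otherwise.
check_cmd() {
    case "$1" in
        # Reject shell metacharacters and embedded newlines outright.
        *\&*|*\;*|*\|*|*\<*|*\>*|*\`*|*\$*|*\(*|*\)*|*\{*|*\}*|*"$NL"*)
            return 1 ;;
        # Accept only the server side of an rsync transfer.
        "rsync --server "*)
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# Runs only under sshd; with the variable unset (interactive login
# attempt) the script falls through and the session simply ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_cmd "$SSH_ORIGINAL_COMMAND"; then
        set -f                       # no wildcard expansion in the wrapper
        exec $SSH_ORIGINAL_COMMAND   # word-split, never eval'd
    fi
    logger -t validate-rsync -p auth.warning \
        "rejected command from ${SSH_CONNECTION%% *}"
    echo "Rejected"
    exit 1
fi
```

For pull-only backups the accepted prefix can be tightened to "rsync --server --sender ", which is how the remote side is invoked when it only sends files.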
