osx remote backup wrong permissions
Robert DuToit
rdutoit at comcast.net
Thu Nov 4 15:36:38 MDT 2010
Hi All,
On Oct 31, 2010, at 5:12 PM, Wayne Davison wrote:
> On Sun, Oct 31, 2010 at 10:57 AM, Robert DuToit <rdutoit at comcast.net> wrote:
> Does the server (or other computer in this case) always need a root account established for this to work? I tried everything else and the owner always became that of the remote user.
>
> The user running the receiving rsync needs to be able to "chown" things (change a file's ownership). Rsync only attempts to chown files if (1) the running user ID is 0 (typically "root") or (2) the --super option was used. See the manpage for what --super affects.
I've been wrestling with this all week and basically.
It is fairly easy to run non-attended backups with rsync using the PKA dsa keys with various security measures, either with passwords and ssh-agent or, without password with limits on the receiver for the allowed users, command etc…
But doing that and preserving ownership (chown) on the receiver is another matter.
No problem with enabling the root account but that is definitely not a good thing to do on a permanent basis. So:
So far transferring a test folder with system privileges to preserve, I found using sudo on the remote rsync path to work but you have to edit the sudoers file (not for the faint of heart) to allow noPasswd for the admin user if you want to not be asked for password on the remote side.
the remoteUserName = my admin account on the remote side.
sudo /rsync -aNHAXx --protect-args --fileflags --protect-decmpfs --force-change --stats --progress -v --rsync-path="sudo /rsync " /var/audit remoteUserName@192.168.11.2:/Users/remoteUserName/Desktop
Again, I can set this up but wouldn't suggest someone else modifying sudoers with visudo.
So I tried Mike's suggested method and set up the keys in the root .ssh folder and the authorized_keys file in the remote root .ssh folder:
http://www.afp548.com/netboot/mactips/rsync.html
sudo ssh-keygen -t dsa -f /private/var/root/.ssh/id_dsa -C "your comment"
sudo cat /private/var/root/.ssh/id_dsa.pub | ssh root@192.168.11.2 'cat - >> ~/.ssh/authorized_keys'
local/Path/To/rsync -aNHAXx --protect-args --fileflags --force-change --rsync-path="/usr/local/bin/rsync" /var/audit root@192.168.11.2:/Users/remoteUserName/Desktop
all permissions set appropriately etc.
But every time I run this it prompts for password three times and fails with Permission denied
~ $ ssh remote@192.168.11.2
The authenticity of host '192.168.15.2 (192.168.15.2)' can't be established.
RSA key fingerprint is 0c:aa:76:ca:89:54:dd:49:13:c7:dd:09:ee:19:7d:8c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.15.2' (RSA) to the list of known hosts.
Password:
Password:
Password:
Permission denied (publickey,keyboard-interactive).
I tried specifying the "-e ssh -i /private/var/root/.ssh/id_dsa" in the rsync line but that throws the same error. Actually it says "access denied for /private/var/root/.ssh/id_dsa - no such file etc.."
I have been using CCC with Mike's packaged keys for some time and that works great but my own setup doesn't. Not sure what the difference is here.
If anyone, or Mike if you are out there, has some input I would be grateful. I have my own rsync wrapper app and would like to be able to get this working for it.
Thanks, Rob
>
> ..wayne..
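
Added example, not part of the original message and not code from rsync or from any poster in this thread: a small audit of the file modes that key-based ssh depends on. sshd with StrictModes ignores authorized_keys when it or its .ssh directory is group- or world-writable, and the ssh client refuses a private key that other users can access. The function names and output labels are made up for this example, and the path in the usage comment is the one from the message above.

```sh
#!/bin/sh
# Added example: check an .ssh directory for modes that break key authentication.
# Usage (as the account that owns the key): sh audit.sh /private/var/root/.ssh id_dsa

# True if ANY of the listed permission bits is set on $1 (works with GNU and BSD find).
has_any_perm() {
    path=$1; shift
    tests=""
    for bits in "$@"; do
        tests="$tests${tests:+ -o }-perm -$bits"
    done
    # $tests is left unquoted on purpose so it splits into find arguments.
    [ -n "$(find "$path" -prune \( $tests \) -print 2>/dev/null)" ]
}

# audit_ssh_dir DIR KEYNAME: print one line per problem, return 0 only if clean.
audit_ssh_dir() {
    dir=$1; key=$2; problems=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"; return 1
    fi
    # StrictModes: the directory and authorized_keys must not be group/world-writable.
    for f in "$dir" "$dir/authorized_keys"; do
        if [ -e "$f" ] && has_any_perm "$f" 020 002; then
            echo "WRITABLE-BY-OTHERS $f"; problems=$((problems + 1))
        fi
    done
    # Client side: the private key must exist, be readable by the user running
    # ssh, and carry no group/other permission bits at all.
    if [ ! -e "$dir/$key" ]; then
        echo "MISSING $dir/$key"; problems=$((problems + 1))
    elif [ ! -r "$dir/$key" ]; then
        echo "UNREADABLE $dir/$key"; problems=$((problems + 1))
    elif has_any_perm "$dir/$key" 040 020 010 004 002 001; then
        echo "TOO-OPEN $dir/$key"; problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

if [ $# -ge 2 ]; then
    audit_ssh_dir "$1" "$2"
fi
```

Run it on both machines: on the sender against the directory holding the private key, and on the receiver against the directory holding authorized_keys (there a MISSING line for the key name is expected).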