Not all files copied
Kevin Korb
kmk at sanitarium.net
Mon Nov 14 11:15:49 MST 2011
There was more in there than just sudo or rsyncd. In fact the FAQ
advises against using sudo.
The main thing I wanted to show you was how to setup sshd to only allow
root to log in via an ssh key and to restrict that ssh key to only being
allowed to run rsync. That is much easier and more secure than setting
up rsyncd with uid=0
On 11/14/11 12:56, Mike Brown wrote:
> On Mon, Nov 14, 2011 at 12:42:55PM -0500, Kevin Korb wrote:
>> http://www.sanitarium.net/rsyncfaq/#sudo
>
> You either set up a rsyncd.conf file (easily done) and run rsync as a daemon
> or set up sudo. I don't have sudo set up, so 6 of one, half dozen of the
> other :-)
>
>> This might be a good idea. It is a fairly common question. OTOH,
>> launching as root to be able to bind to a privileged port# then dropping
>> privileges to user nobody is fairly common in services designed to
>> distribute data. Such as Apache.
>
> Being common and actually doing that are two different things. One doesn't
> know that is being done unless told and right now that warning, not even a
> warning actually, is buried in the rsycnd.conf man page.
>
> But, as you say, it is a common question, so maybe something along the line
> of what I suggested should be in the rsync man page, in a section that should
> be seen by users. I certainly read the section I suggested. :-)
>
> Well, soon I'll be starting the transfer of 1TB of data to the new 4TB raid.
>
> MB
--
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
Kevin Korb Phone: (407) 252-6853
Systems Administrator Internet:
FutureQuest, Inc. Kevin at FutureQuest.net (work)
Orlando, Florida kmk at sanitarium.net (personal)
Web page: http://www.sanitarium.net/
PGP public key available on web site.
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
More information about the rsync
mailing list