Rsync over ssh with root privileges

Kevin Korb kmk at
Mon Jul 23 10:17:58 MDT 2012

The syntax is explained here:
Even though I wrote that particular FAQ entry I have never actually
tried it as I think it is a rather silly use of sudo.

> sudo rsync -avP --exclude 'proc' --exclude 'dev' --exclude 'tmp' 
> --exclude 'sys' --exclude 'mnt' --rsync-path='sudo rsync' -e "ssh
> -t -t -i /home/USER/.ssh/key" USER@SERVER:/  /mnt/backup/

My first thought is that if you configure sudo to not require a
password and drop the -t -t in the ssh part it will probably work.

My second thought is that you would be far better off just doing the
ssh as root using a restricted key.  To do that I would suggest:
1. In the server's sshd_config set:
PermitRootLogin without-password
2. In the server's /root/.ssh/authorized_keys file:
from="hostname of your system",command="/path/to/rrsync -ro /" ssh-rsa

This will allow the ssh key that you are using to only work from the
specified host name and to only be able to run rsync and in read-only
mode.  This will allow for the simple mirroring of a system which
appears to be what you are trying.  Note that if your distro doesn't
include rrsync with rsync it is a perl script that is in the support
directory of the rsync source tarball.

The without-password option sounds a bit scary but what it means is
that root is not allowed to log in via a password but only via keys
that have been authorized.

My third thought is that if you are mirroring a system you probably
want --hard-links and you might want --numeric-ids.

And my final thought is that if you want backups instead of just
simple mirroring then look into --link-dest.

On 07/23/12 03:53, Stayvoid wrote:
> Kevin,
>> Since you are using sudo on the remote end have you configured it
>> to not require a password for that user to run rsync?
> No, I haven't. Could you tell me how to do it?
> And what about the syntax? Is it ok?

-- 
	Kevin Korb			Phone:    (407) 252-6853
	Systems Administrator		Internet:
	FutureQuest, Inc.		Kevin at  (work)
	Orlando, Florida		kmk at (personal)
	Web page:
	PGP public key available on web site.
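
An added example, not part of the original message: a small Python audit for root's authorized_keys that checks each key carries the from= restriction and the forced read-only rrsync command described in the reply above. The host name, rrsync path and key material in the sample are constructed placeholders, and the function names are this example's own.

```python
import re

# Constructed sample; key material is a placeholder, not a real key.
SAMPLE = '''\
# root's authorized_keys (constructed example)
ssh-rsa AAAAB3PLACEHOLDER backup@unrestricted
from="backup.example.com","command=/usr/bin/rrsync -ro /" ssh-rsa AAAAB3PLACEHOLDER misquoted
from="backup.example.com",command="/usr/bin/rrsync -ro /" ssh-rsa AAAAB3PLACEHOLDER restricted
'''

KEY_TYPE = re.compile(r'(ssh-|ecdsa-sha2-|sk-)')
# One option: name, optionally ="value" where the value may contain \" escapes.
OPT = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?')

def parse_entry(line):
    """Return the options of one key line as a dict; ValueError if they do not parse."""
    if KEY_TYPE.match(line):
        return {}                      # line starts with the key type: no options
    opts, pos = {}, 0
    while True:
        m = OPT.match(line, pos)
        if not m:
            raise ValueError('bad option syntax at column %d' % (pos + 1))
        opts[m.group(1).lower()] = m.group(2)
        pos = m.end()
        if line[pos:pos + 1] != ',':
            break
        pos += 1
    if line[pos:pos + 1] not in (' ', '\t'):   # options must end at an unquoted blank
        raise ValueError('bad option syntax at column %d' % (pos + 1))
    return opts

def audit(text):
    """Return [(line number, findings)]; an empty findings list means the key is restricted."""
    results = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        try:
            opts = parse_entry(line)
        except ValueError as exc:
            results.append((n, [str(exc)]))
            continue
        cmd = opts.get('command') or ''
        findings = [] if opts.get('from') else ['no from= host restriction']
        if 'rrsync' not in cmd:
            findings.append('no forced rrsync command')
        elif '-ro' not in cmd.split():
            findings.append('rrsync not read-only')
        results.append((n, findings))
    return results
```

Calling audit() on the contents of /root/.ssh/authorized_keys lists, per key line, which of the restrictions are missing or whether the options field does not parse at all.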