Rsync over ssh with root privileges
kmk at sanitarium.net
Mon Jul 23 10:17:58 MDT 2012
The syntax is explained here: http://sanitarium.net/rsyncfaq/#sudo
Even though I wrote that particular FAQ entry I have never actually
tried it as I think it is a rather silly use of sudo.
> sudo rsync -avP --exclude 'proc' --exclude 'dev' --exclude 'tmp'
> --exclude 'sys' --exclude 'mnt' --rsync-path='sudo rsync' -e "ssh
> -t -t -i /home/USER/.ssh/key" USER@SERVER:/ /mnt/backup/
My first thought is that if you configure sudo to not require a
password and drop the -t -t in the ssh part it will probably work.
My second thought is that you would be far better off just doing the
ssh as root using a restricted key. To do that I would suggest:
1. In the server's sshd_config set:
2. In the server's /root/.ssh/authorized_keys file:
from="hostname of your system",command="/path/to/rrsync -ro /" ssh-rsa
This will allow the ssh key that you are using to only work from the
specified host name and to only be able to run rsync and in read-only
mode. This will allow for the simple mirroring of a system which
appears to be what you are trying. Note that if your distro doesn't
include rrsync with rsync it is a perl script that is in the support
directory of the rsync source tarball.
The without-password option sounds a bit scary but what it means is
that root is not allowed to log in via a password but only via keys
that have been authorized.
My third thought is that if you are mirroring a system you probably
want --hard-links and you might want --numeric-ids.
And my final thought is that if you want backups instead of just
simple mirroring then look into --link-dest.
On 07/23/12 03:53, Stayvoid wrote:
>> Since you are using sudo on the remote end have you configured it
>> to not require a password for that user to run rsync?
> No, I haven't. Could you tell me how to do it?
> And what about the syntax? Is it ok?
Kevin Korb Phone: (407) 252-6853
Systems Administrator Internet:
FutureQuest, Inc. Kevin at FutureQuest.net (work)
Orlando, Florida kmk at sanitarium.net (personal)
Web page: http://www.sanitarium.net/
PGP public key available on web site.
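
Added example (not part of the original message): a small Python check for the restricted-key setup described above. It parses the options field of authorized_keys lines and reports keys that lack from=, lack command=, or whose forced command is not rrsync in -ro mode. It also flags an option whose quote opens before its name. The function names and the sample lines (host name, paths, key material) are assumptions made up for the illustration.

```python
import shlex

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-", "sk-")  # no options field

def split_options(line):
    """Split an authorized_keys line into ({option: value}, remainder)."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}, line
    opts, buf, in_quote, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if ch == '"' and not (in_quote and buf.endswith("\\")):
            in_quote = not in_quote          # commas/spaces inside quotes are literal
        if ch == "," and not in_quote:
            opts.append(buf)
            buf = ""
        elif ch.isspace() and not in_quote:
            break                            # first unquoted space ends the options
        else:
            buf += ch
        i += 1
    opts.append(buf)
    parsed = {}
    for opt in opts:
        name, _, value = opt.partition("=")
        parsed[name.lower()] = value.strip('"')
    return parsed, line[i:].strip()

def audit(line):
    """Return findings for one key line; an empty list means it is restricted."""
    opts, _ = split_options(line)
    findings = [f"malformed option name: {n}" for n in opts if n.startswith('"')]
    if "from" not in opts:
        findings.append("no from= host restriction")
    cmd = opts.get("command")
    if cmd is None:
        findings.append("no command= forced command")
    else:
        argv = shlex.split(cmd)
        if not argv or argv[0].rsplit("/", 1)[-1] != "rrsync":
            findings.append("forced command is not rrsync")
        elif "-ro" not in argv[1:]:
            findings.append("rrsync is not read-only (-ro missing)")
    return findings

# Constructed sample lines; host name, paths and key material are placeholders.
GOOD = 'from="backup.example.org",command="/usr/local/bin/rrsync -ro /" ssh-rsa AAAAEXAMPLE backup'
MISQUOTED = 'from="backup.example.org","command=/usr/local/bin/rrsync -ro /" ssh-rsa AAAAEXAMPLE backup'
```

Run audit() over each non-comment line of /root/.ssh/authorized_keys on the server; any non-empty result is a key that is less restricted than the setup described in the message.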