Using rsync to mirror directories where root owns file, using non-root user to initiate session

Karl O. Pinc kop at meme.com
Wed Jun 20 22:54:22 MDT 2012


On 06/20/2012 10:40:57 PM, Kevin Korb wrote:
> On 06/20/12 21:53, Karl O. Pinc wrote:
> > On 06/20/2012 05:29:09 PM, Kevin Korb wrote:

> > Somehow or another you need root access on the remote side in order
> > to properly set permissions. 


> Not permissions, ownership.

Quite right.  I shouldn't be writing emails when otherwise occupied.
Sorry.


> > rsync -av -e "ssh -l ssh-user" rsync-user@host::module /dest
> 
> Now you are talking rsyncd over ssh. Still as root.  The benefit is
> minimal at best.

My point here is to show the '-e "ssh -l ssh-user"', allowing the local 
end to be non-root while the remote end is root; an example invocation
independent of whether rrsync is the command
executed on the remote end or not.  (I'm a bit confused.
Minimal as compared to what, rrsync?)

I agree that rrsync is probably the best option for
the original poster's use case, at least if he
wants to stick with userspace solutions.  I agree that the command=
I supplied at the top of my post does not provide
much in the way of security on the remote end, short
of using chroot in rsyncd.conf.   I should have
been more careful in writing the post.

The "right way", ideally, avoids all the kludgeyness of restricted
shell-like things, chroots, and so forth, and instead
uses a Linux container (lxc) on the remote side for every
user on the local side.  The local user would connect
in as root to the remote container and the container
would prevent shenanigans.  It's what containers
are for.  How much sense this makes for RH 5 I can't say.



Karl <kop at meme.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
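
The two remote-side setups this message compares, written out as an added example (not part of the original post, and not the command= line the author refers to). The paths /srv/data, /etc/rsyncd-mirror.conf and /usr/local/bin/rrsync, the module name and the key text are assumptions or constructed placeholders.

```ini
# ---- Option A: rsync daemon over ssh, pinned by a forced command ----
# File: ~/.ssh/authorized_keys of the remote account named by "ssh -l ssh-user"
# (root in this thread, since ownership must be preserved).
# Client side: rsync -av -e "ssh -l ssh-user" rsync-user@host::module /dest
# The key below is a constructed placeholder.
command="rsync --server --daemon --config=/etc/rsyncd-mirror.conf .",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...PLACEHOLDER... mirror-key

# File: /etc/rsyncd-mirror.conf (hypothetical name, selected by --config above)
# Weak setting: "use chroot = no" leaves confinement to rsync's own
# path sanitizing inside a process that still runs as root.
# Corrected setting: chroot into the module path before any transfer.
# (rsyncd.conf has no trailing comments, so notes sit on their own lines.)
[module]
    path = /srv/data
    use chroot = yes
    # uid/gid root so root-owned files can be read with ownership intact
    uid = root
    gid = root
    read only = yes

# ---- Option B: rrsync as the forced command (no daemon, no module) ----
# File: the same authorized_keys; -ro makes the subtree read-only.
# Client side uses the plain remote-shell form, with paths taken
# relative to /srv/data:
#   rsync -av -e "ssh -l ssh-user" host:subdir/ /dest
command="/usr/local/bin/rrsync -ro /srv/data",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...PLACEHOLDER... mirror-key
```

Where rrsync is installed varies by distribution, so the path in Option B has to be adjusted to the local system.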


