How to manage root<-->root rsync keeping permissions?

Andy Smith andy at strugglers.net
Tue Aug 3 10:51:34 UTC 2021


Hi Chris,

On Tue, Aug 03, 2021 at 09:48:37AM +0100, Chris Green via rsync wrote:
> But how do you handle the other end to restore the root ownership etc.?
> The script has to do something like:-
> 
>     rsync -a /etc/ chris at remote:backups/etc/
> 
> So at the remote end it only has chris' privileges.

A couple of options:

    https://strugglers.net/~andy/blog/2021/04/10/rsync-and-sudo-without-x-forwarding/

Since you want to automate it I'd go with letting root log in by ssh
key only, and force the key to work only with a specific script.

Here is an example forced command that only allows rsync

    https://www.guyrutenberg.com/2014/01/14/restricting-ssh-access-to-rsync/

This is still vulnerable to doing anything that rsync can do. You
can secure it further by making a script that only does the specific
things you need rsync to do, e.g. the exact parameters and paths,
and force that script instead.

Cheers,
Andy



More information about the rsync mailing list