How to manage root<-->root rsync keeping permissions?
andy at strugglers.net
Tue Aug 3 10:51:34 UTC 2021
On Tue, Aug 03, 2021 at 09:48:37AM +0100, Chris Green via rsync wrote:
> But how do you handle the other end to restore the root ownership etc.?
> The script has to do something like:-
> rsync -a /etc/ chris at remote:backups/etc/
> So at the remote end it only has chris' privileges.
A couple of options:
Since you want to automate it I'd go with letting root log in by ssh
key only, and force the key to work only with a specific script.
Here is an example forced command that only allows rsync
This is still vulnerable to doing anything that rsync can do. You
can secure it further by making a script that only does the specific
things you need rsync to do, e.g. the exact parameters and paths,
and force that script instead.
More information about the rsync