How to manage root<-->root rsync keeping permissions?
Chris Green
cl at isbd.net
Tue Aug 3 14:06:54 UTC 2021
Andy Smith via rsync <rsync at lists.samba.org> wrote:
> Hi Chris,
>
> On Tue, Aug 03, 2021 at 09:48:37AM +0100, Chris Green via rsync wrote:
> > But how do you handle the other end to restore the root ownership etc.?
> > The script has to do something like:-
> >
> > rsync -a /etc/ chris at remote:backups/etc/
> >
> > So at the remote end it only has chris' privileges.
>
> A couple of options:
>
> https://strugglers.net/~andy/blog/2021/04/10/rsync-and-sudo-without-x-forwarding/
>
> Since you want to automate it I'd go with letting root log in by ssh
> key only, and force the key to work only with a specific script.
>
> Here is an example forced command that only allows rsync
>
> https://www.guyrutenberg.com/2014/01/14/restricting-ssh-access-to-rsync/
>
> This is still vulnerable to doing anything that rsync can do. You
> can secure it further by making a script that only does the specific
> things you need rsync to do, e.g. the exact parameters and paths,
> and force that script instead.
>
Ah yes, I've done this elsewhere using 'rrsync' at the receiving end,
it's another possible approach to investigate, thanks.
--
Chris Green
·
More information about the rsync
mailing list