Trying to elevate rsync privileges when connecting over ssh without using NOPASSWD in sudoers

Dr. Mark Asbach mark.asbach at pixolus.de
Fri Mar 11 17:06:39 UTC 2022


Hi Dan,

> Why not rsync directly as root?  Then you can use a passwordless, passphraseless RSA (or similar) keypair.

That’s because these are cloud instances that get maintained by multiple admins. If we require all of them to log in as root, we would have to share the root password – and that would on one hand be a security/maintainability issue (if one person leaves the team, we’ll have to change and redistribute the root password), on the other hand it would violate accountability (log files would only show logins by „root“ and after an issue, there would be no chance to know whom to ask about strange things). Both are the typical reasons for not using root accounts but going for sudo instead …

Thanks anyway. Every idea helps!

Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4652 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/rsync/attachments/20220311/e2036184/smime.bin>


More information about the rsync mailing list