From: Jeffrey J. K. <bac...@ko...> - 2009-12-04 00:12:00
Very helpful. A few small nits...

Carl Wilhelm Soderstrom wrote at about 16:58:08 -0600 on Thursday, December 3, 2009:
> chown -R rsyncbackup:users ~rsyncbackup/.ssh
> chmod 700 ~rsyncbackup/.ssh

I would do '600'. No need to make it executable.

> Now edit /etc/sudoers with the 'visudo' command and add some lines to allow the rsyncbackup user to run the rsync command as root, thereby giving them access to the whole filesystem. (Without allowing other commands to be run with access to the whole filesystem).
> # allow backup user to run rsync as root
> rsyncbackup ALL= NOPASSWD: /usr/bin/rsync

For a slight bit of incremental security, I do:

ALL=NOPASSWD: /usr/bin/rsync --server --sender *

which I believe restricts to read only (but it's not well documented). Assuming that's true, then a hacker could not get write access to your system (and of course write access is equivalent to full ownership).

> Rsync protocols >26 should work (maybe lower, don't know); I think protocol v28 is the current one. the protocol version is apparent when you run backuppc_dump by hand. if there is a protocol mismatch; the connections will open, and the rsync process start; but nothing will be transferred.

Current version is at least 30 though perl-File-RsyncP only supports up to protocol 28. Still, having a 3.0+ version is beneficial in terms of more efficient memory usage. Also, version 3.0 is helpful on Windows to avoid various rsync errors.
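An added example, not part of the original message or of BackupPC: a small audit script that reads sudoers text and reports whether each rsync rule for the backup account is the bare form or the `--server --sender` form discussed above. The function names and the sample input are constructed for illustration; it assumes rules without escaped commas or line continuations, and it inspects only the rule text, so it does not settle whether sender mode is read-only.

```sh
#!/bin/sh
# Classify one sudoers command entry: unrestricted, sender-only, other, not-rsync.
classify_rsync_cmnd() {
    c=$(printf '%s' "$1" | tr -s '\t ' ' ' | sed 's/^ //; s/ $//')
    bin=${c%% *}                        # command path without its arguments
    case "$bin" in */rsync) ;; *) echo not-rsync; return ;; esac
    case "$c" in
        "$bin") echo unrestricted ;;    # no arguments listed: sudo accepts any
        "$bin --server --sender"|"$bin --server --sender "*) echo sender-only ;;
        *) echo other ;;                # some other argument pattern
    esac
}

# Read sudoers text on stdin and report the rsync entries granted to user $1.
# Returns 1 if any of them is unrestricted, 0 otherwise.
audit_sudoers() {
    user=$1; bad=0; n=0
    while IFS= read -r raw; do
        n=$((n + 1))
        line=$(printf '%s' "$raw" | tr -s '\t ' ' ')
        case "$line" in "$user "*=*|" $user "*=*) ;; *) continue ;; esac
        # Drop "user HOST =", an optional "(runas)" and tags such as "NOPASSWD:".
        spec=$(printf '%s' "${line#*=}" | sed 's/^ *([^)]*)//; s/[A-Z_][A-Z_]*: *//g')
        # Split the command list on commas without expanding the "*" wildcard.
        oldifs=$IFS; IFS=,; set -f; set -- $spec; set +f; IFS=$oldifs
        for item in "$@"; do
            class=$(classify_rsync_cmnd "$item")
            if [ "$class" = not-rsync ]; then continue; fi
            echo "line $n: $class"
            if [ "$class" = unrestricted ]; then bad=1; fi
        done
    done
    return "$bad"
}

# Constructed sample: the rule from the quoted how-to, then the narrower one.
sample='# allow backup user to run rsync as root
rsyncbackup ALL= NOPASSWD: /usr/bin/rsync
rsyncbackup ALL=NOPASSWD: /usr/bin/rsync --server --sender *'
printf '%s\n' "$sample" | audit_sudoers rsyncbackup || echo "unrestricted rsync rule found"
```

To audit a real file, run `audit_sudoers rsyncbackup < /etc/sudoers` as a user who can read it.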