From: Carl W. S. <ch...@re...> - 2011-03-21 12:51:13
On 03/18 06:46 , Neal Becker wrote:
> I'm interested in setting up linux->linux backup. I don't like the idea of
> giving permission for machine1 as user backup to ssh to machine2 as root. What
> are the options?
>
> 1. Can ssh be restricted so that the only command user backup can run is rsync?

Create a new user for backuppc to log in as. I typically use 'rsyncbakup'.

In your ~rsyncbakup/.ssh/authorized_keys file, try something like this:

no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="sudo /usr/bin/rsync --server --sender -logDtpr --exclude='/proc/*' --exclude='/mnt/*' --exclude='/sys/*' --exclude='/tmp/*' --exclude='/var/tmp/*' --exclude='/var/cache/apt/archives/*' --exclude='/var/log/*' --delete --numeric-ids --block-size=2048 . /" ssh-dss <public key> ho...@ex...

> 2. Is there an easy way (using acls?) to give a user backup read access to
> everything (probably not)

in /etc/sudoers:

rsyncbakup ALL= NOPASSWD: /usr/bin/rsync

You will also need to set this in your /etc/backuppc/config.pl, or in the
per-host config file for each host you want to back up this way:

$Conf{RsyncClientCmd} = '$sshPath -q -x -l rsyncbakup $host $rsyncPath $argList+';

--
Carl Soderstrom
Systems Administrator
Real-Time Enterprises
www.real-time.com
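
Added example, not part of the original post: a forced-command wrapper that checks the command BackupPC actually requests (sshd exposes it as SSH_ORIGINAL_COMMAND) and runs it only if it is an rsync server in sender mode, instead of hard-coding one rsync line in authorized_keys. The script path /usr/local/bin/rsync-sender-only, the function name and the log tag are assumptions; the sudoers entry from the post is still required.

```shell
#!/bin/sh
# Hypothetical forced-command wrapper, e.g. /usr/local/bin/rsync-sender-only,
# named in authorized_keys as command="/usr/local/bin/rsync-sender-only".
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Return 0 only if the requested command is an rsync server in sender mode.
is_allowed_rsync() {
    cmd=$1
    case $cmd in
        "rsync --server --sender "*|"/usr/bin/rsync --server --sender "*) ;;
        *) return 1 ;;
    esac
    # Allow only a conservative character set: no quotes, backticks, ;, |,
    # &, $, newlines or globs, so the word splitting below cannot be abused.
    case $cmd in
        *[!A-Za-z0-9\ ._/=+,:@%-]*) return 1 ;;
    esac
    # --sender alone is not read-only: these options delete sent files.
    case " $cmd " in
        *" --remove-source-files "*|*" --remove-sent-files "*) return 1 ;;
    esac
    return 0
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
# With it unset (interactive login attempt) the script ends: no shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_rsync "$SSH_ORIGINAL_COMMAND"; then
        set -f                        # no pathname expansion while splitting
        set -- $SSH_ORIGINAL_COMMAND  # split on whitespace only; never eval
        shift                         # drop the client-supplied rsync path
        exec sudo /usr/bin/rsync "$@"
    fi
    logger -p auth.warning -t rsync-wrapper "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

Exclude patterns containing `*` or quotes are rejected by the character check, so with this wrapper excludes would have to be expressed without them or the allowed set widened deliberately.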