Goal: use rsync over ssh to backup directories with varying owners and permissions without ssh'ing as root.
Example code:
# rsync -avxuP -e 'ssh -c arcfour128' --delete-after /home/ facade@nas:/mnt/backups/
Since the user 'facade' on the server 'nas' does not have permissions to write dirs/files that are owned by other users which reside under /home on the source box, how can I accomplish the rsync of /home without sshing as root? What am I missing?
Last edited by graysky (2012-09-17 12:56:30)
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
If you are in a local network and don't necessarily need the encryption provided by ssh, you could use rsync in daemon mode (man rsyncd.conf).
@65kid - True... but if I do want encryption, what are my options?
Rsync daemon can be accessed via SSH also... maybe I do not understand the problem, but ssh is only a transport channel and once the connection is made, you can use whatever rsync user you want.
Rsync daemon can be accessed via SSH also... maybe I do not understand the problem, but ssh is only a transport channel and once the connection is made, you can use whatever rsync user you want.
Right, but I do not want to connect as root in order to send directories from other users. Example:
/backup/user1 has permissions of drwx------ user1:users
/backup/user2 has permissions of drwx------ user2:users
If I want to rsync /backup/ to the remote box as user1, I cannot since user1 cannot read user2's dirs/files under /backup.
# rsync -avxuP -e 'ssh -c arcfour128' --delete-after /backup/ user1@nas:/mnt/backups/
I was thinking more of
rsync ... -e 'ssh -l unprivileged-ssh-user' rsync-daemon-user@host::module ...
together with
[module]
...
uid=root
so, rsync works as root, but no root login via ssh has to be allowed and no root credentials are needed.
Another solution, not involving root at all (except for setup), may be setting a default ACL that grants one special backup user read access to the backed-up tree.
Edit: ah, I was so used to my "client never initiates backup" policy that I overlooked that you use this direction. So, what about --fake-user then? I have never used it, but it seems relevant.
Last edited by briest (2012-09-20 18:17:58)
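One way to configure the arrangement discussed in this thread (rsync writes as root on the server, while the SSH login is an unprivileged user), added here as an example and not taken from any poster. It assumes a system rsync daemon started as root on nas and reached through an SSH port forward, which is a different invocation from the command form in the post; the module name backups, the rsync user backup, local port 8873 and both file paths are hypothetical.

```ini
# /etc/rsyncd.conf on nas (assumed location; daemon started as root by the init system)

# Listen on loopback only, so the daemon is reachable solely through an SSH tunnel.
address = 127.0.0.1
port = 873

[backups]
    path = /mnt/backups
    # The uid/gid switch only takes effect when the daemon itself was started as root.
    uid = root
    gid = root
    read only = false
    use chroot = yes
    # Module-level login, separate from any system account or SSH key.
    auth users = backup
    # Lines of the form "backup:<password>"; the file must not be readable by others.
    secrets file = /etc/rsyncd.secrets
    hosts allow = 127.0.0.1

# On the source box (run as root there so every home directory can be read):
#
#   1. Open the tunnel as the unprivileged SSH user; no root SSH login is needed.
#        ssh -N -L 8873:127.0.0.1:873 facade@nas
#
#   2. Push through the tunnel to the module. The daemon applies owners and
#      permissions on the receiving side because it runs as root.
#        rsync -avxuP --delete-after --password-file=/root/.rsync-backup.pass \
#            /home/ rsync://backup@127.0.0.1:8873/backups/
```

The module password in the secrets file then acts as a write credential for /mnt/backups, so it needs the same protection as the data it guards.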