You are not logged in.

#1 2012-09-17 12:56:09

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595
Website

Dealing with permissions when using rsync over ssh

Goal: use rsync over ssh to backup directories with varying owners and permissions without ssh'ing as root.

Example code:

# rsync -avxuP -e 'ssh -c arcfour128' --delete-after /home/ facade@nas:/mnt/backups/

Since the user 'facade' on the server 'nas' does not have permissions to write dirs/files that are owned by others users which reside under /home on the source box, how can I accomplish the rsync of /home without sshing as root?  What am I missing smile

Last edited by graysky (2012-09-17 12:56:30)


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#2 2012-09-17 13:02:31

65kid
Member
From: Germany
Registered: 2011-01-26
Posts: 663

Re: Dealing with permissions when using rsync over ssh

if you are in a local network and don't necessarily need the encryption provided by ssh, you could use rsync in daemon mode (man rsyncd.conf).

Offline

#3 2012-09-17 13:14:37

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595
Website

Re: Dealing with permissions when using rsync over ssh

@65kid - True... but if I do want encryption, what are my options?


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#4 2012-09-18 20:04:46

briest
Member
From: Katowice, PL
Registered: 2006-05-04
Posts: 468

Re: Dealing with permissions when using rsync over ssh

Rsync daemon can be accessed via SSH also... maybe I do not understand the problem, but ssh is only a transport channel and once the connection is made, you can use whetever rsync user you want.

Offline

#5 2012-09-18 21:34:57

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595
Website

Re: Dealing with permissions when using rsync over ssh

briest wrote:

Rsync daemon can be accessed via SSH also... maybe I do not understand the problem, but ssh is only a transport channel and once the connection is made, you can use whetever rsync user you want.

Right, but I do not want to connect as root in order to send directories from other users.  Example:

/backup/user1 has permissions of drwx------ user1:users
/backup/user2 has permissions of drwx------ user2:users

If I want to rsync /backup/ to the remove box as user1, I cannot since user1 cannot read user2's dirs/files under /backup.

# rsync -avxuP -e 'ssh -c arcfour128' --delete-after /backup/ user1@nas:/mnt/backups/

CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#6 2012-09-20 18:03:15

briest
Member
From: Katowice, PL
Registered: 2006-05-04
Posts: 468

Re: Dealing with permissions when using rsync over ssh

I was thinking more of

rsync ... -e 'ssh -l unprivileged-ssh-user' rsync-daemon-user@host::module ...

together with

[module]
...
uid=root

so, rsync works as root, but no root login via ssh has to be allowed and no root credentials are needed.

Another solution, not involving root at all (except from setup) may be setting default ACL, granting to one special backup user read access to backed up tree.

Edit: ah, I was so used to my "client never initiates backup" policy, I have overlooked that you use this direction. So, what about --fake-user then? I have never used it, but seems relevant.

Last edited by briest (2012-09-20 18:17:58)

Offline

Board footer

Powered by FluxBB