Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer)
2009-12-03 19:14:40
Very helpful. A few small nits...
Carl Wilhelm Soderstrom wrote at about 16:58:08 -0600 on Thursday, December 3,
2009:
> chown -R rsyncbackup:users ~rsyncbackup/.ssh
> chmod 700 ~rsyncbackup/.ssh
I would do '600'. No need to make it executable.
> Now edit /etc/sudoers with the 'visudo' command and add some lines to allow
> the rsyncbackup user to run the rsync command as root, thereby giving them
> access to the whole filesystem. (Without allowing other commands to be run
> with access to the whole filesystem).
> # allow backup user to run rsync as root
> rsyncbackup ALL= NOPASSWD: /usr/bin/rsync
For a slight bit of incremental security, I do:
ALL=NOPASSWD: /usr/bin/rsync --server --sender *
which I believe restricts to read only (but it's not well
documented). Assuming that's true, then a hacker could not get write
access to your system (and of course write access is equivalent to
full ownership).
> Rsync protocols >26 should work (maybe lower, don't know); I think protocol
> v28 is the current one. the protocol version is apparent when you run
> backuppc_dump by hand. if there is a protocol mismatch; the connections will
> open, and the rsync process start; but nothing will be transferred.
Current version is at least 30 though perl-File-RsyncP only supports
up to protocol 28. Still, having a 3.0+ version is beneficial in terms
of more efficient memory usage. Also, version 3.0 is helpful on
Windows to avoid various rsync errors.
------------------------------------------------------------------------------
Join us December 9, 2009 for the Red Hat Virtual Experience,
a free event focused on virtualization and cloud computing.
Attend in-depth sessions from your desk. Your couch. Anywhere.
http://p.sf.net/sfu/redhat-sfdev2dev
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [BackupPC-users] Problems to backup linux network computer, (continued)
- Re: [BackupPC-users] Problems to backup linux network computer, Jose Torres
- Re: [BackupPC-users] Problems to backup linux network computer, Les Mikesell
- Re: [BackupPC-users] Problems to backup linux network computer, Jose Torres
- Re: [BackupPC-users] Problems to backup linux network computer, Les Mikesell
- Re: [BackupPC-users] Problems to backup linux network computer, Jose Torres
- [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer), Carl Wilhelm Soderstrom
- Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer),
Jeffrey J. Kosowsky <=
- Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer), Adam Goryachev
- Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer), Jeffrey J. Kosowsky
- Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer), Carl Wilhelm Soderstrom
- Re: [BackupPC-users] rsync+sudo for rootless remote access (was: Problems to backup linux network computer), Jeffrey J. Kosowsky
- Re: [BackupPC-users] Problems to backup linux network computer, Sebastiaan van Erk
|
|
|