Re: [BackupPC-users] [newb] ssh rsync with restricted permissions
2011-03-21 08:53:25
On 03/18 06:46 , Neal Becker wrote:
> I'm interested in setting up linux->linux backup. I don't like the idea of
> giving permission for machine1 as user backup to ssh to machine2 as root.
> What are the options?
>
> 1. Can ssh be restricted so that the only command user backup can run is
> rsync?
Create a new user for backuppc to log in as. I typically use 'rsyncbakup'.
In your ~rsyncbakup/.ssh/authorized_keys file, try something like this:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="sudo /usr/bin/rsync --server --sender -logDtpr --exclude='/proc/*' --exclude='/mnt/*' --exclude='/sys/*' --exclude='/tmp/*' --exclude='/var/tmp/*' --exclude='/var/cache/apt/archives/*' --exclude='/var/log/*' --delete --numeric-ids --block-size=2048 . /" ssh-dss
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
host AT example DOT com
> 2. Is there an easy way (using acls?) to give a user backup read access to
> everything (probably not)
in /etc/sudoers:
rsyncbakup ALL= NOPASSWD: /usr/bin/rsync
You will also need to set this in your /etc/backuppc/config.pl, or in the
per-host config file for each host you want to back up this way:
$Conf{RsyncClientCmd} = '$sshPath -q -x -l rsyncbakup $host $rsyncPath $argList+';
--
Carl Soderstrom
Systems Administrator
Real-Time Enterprises
www.real-time.com
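
Added example (not part of the original message, and not BackupPC code): a small Python check that an authorized_keys entry carries the restrictions used in the message above, i.e. the three no-*-forwarding options and a forced command that runs /usr/bin/rsync with --server --sender. The policy, the sample entries and the placeholder key are constructed for illustration; the parser covers only the option syntax shown in the message. It also flags an entry that has been broken across lines, since sshd expects each entry on a single line.

```python
import shlex

KEY_TYPES = ("ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-")
REQUIRED = ("no-agent-forwarding", "no-port-forwarding", "no-x11-forwarding")

def split_options(line):
    """Split one authorized_keys entry into (options dict, remainder)."""
    if line.startswith(KEY_TYPES):
        return {}, line                      # entry has no options field
    opts, buf, in_quote, i = {}, "", False, 0
    while i < len(line):
        ch = line[i]
        if in_quote and line[i:i + 2] == '\\"':   # escaped quote inside a value
            buf, i = buf + '"', i + 2
            continue
        if ch == '"':
            in_quote = not in_quote
        elif ch in ", " and not in_quote:    # end of one option
            name, _, value = buf.partition("=")
            opts[name.lower()] = value       # option names are case-insensitive
            buf = ""
            if ch == " ":                    # unquoted space ends the options field
                return opts, line[i + 1:].lstrip()
        else:
            buf += ch
        i += 1
    raise ValueError("options field never ends: entry is wrapped or truncated")

def audit(line):
    """Return findings for one entry; an empty list means it matches the policy."""
    try:
        opts, _ = split_options(line.strip())
    except ValueError as exc:
        return [str(exc)]
    findings = [f"missing {o}" for o in REQUIRED if o not in opts]
    if "command" not in opts:
        return findings + ["no forced command: key can run anything"]
    argv = shlex.split(opts["command"])
    if argv[:1] == ["sudo"]:
        argv = argv[1:]
    if argv[:1] != ["/usr/bin/rsync"]:
        findings.append("forced command is not /usr/bin/rsync")
    elif not {"--server", "--sender"} <= set(argv):
        findings.append("rsync not pinned to --server --sender")
    return findings

KEY = "AAAAB3NzaC1kc3MAAACBAconstructed"     # constructed placeholder, not a real key
GOOD = ('no-port-forwarding,no-X11-forwarding,no-agent-forwarding,'
        'command="sudo /usr/bin/rsync --server --sender -logDtpr '
        "--exclude='/proc/*' --numeric-ids . /\" ssh-dss " + KEY + " host@example.com")
BARE = "ssh-dss " + KEY + " host@example.com"
WRAPPED = GOOD.split(" ")[0]                 # first fragment of a line-wrapped entry
```

Calling audit() on each line of ~rsyncbakup/.ssh/authorized_keys returns an empty list for an entry like GOOD and a list of findings for BARE or WRAPPED.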