On Friday 14 July 2006 12:43, Carl Wilhelm Soderstrom wrote: > On 07/14 10:07 , Harry Mangalam wrote: > > The downside of this for larger installation tho is that it > > requires manual intervention to establish the shared ssh keys > > (for root!) to allow remote tar'ing of file, no? > > you should be able to set up a special account on each client > machine, which uses sudo to run tar with root privs. Then set up > the ssh key to only allow the tar command to be run. (with the > command= option in the dsa key on the client side).
Thanks for the advice - both suggestions are helpful. I'll tack them onto my FAQ for the Mac :) But then doesn't this require even more manual intervention? Set up the extra user, mod the sudoers file? Or is there a way to automate this? > this is how I back up my machines, and avoid doing a passwordless > ssh login as root. > > > (so does the rsyncd config, but in that case all you have to do > > is place the "rsyncd.[conf|secrets]" files on the client. (with a > > different rsyncd.secrets password for each client of course; > > otherwise any client could rsync/read the contents of any other > > client). > > set up your rsyncd to only allow connections from the backup > server. :) Thanks for reminding me! That was a key point. -- Harry Mangalam - Research [EMAIL PROTECTED], E2148, Engineering Gateway, UC Irvine 92697 949 824 0084(o), 949 285 4487(c) [EMAIL PROTECTED] ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
