Keith Edmunds wrote: > On Fri, 13 Jul 2007 09:39:15 -0400, [EMAIL PROTECTED] said: > > >> The user would need read-access to everything (in order to backup /home >> and some files in /etc), preferably without being able to run commands >> other than rsync. How would I achieve this? >> > > By using sudo (as I said). Sudo runs the program specified with root > privileges - we backup lots of servers this way. > > Keith I'm familiar with sudo. I guess I'd specify in /etc/sudoers that user "joe" is allowed to run: 1) rsync <options> /share1 and 2) rsync <options> /share2
Is there a way to use the forced-commands feature of ssh to further limit joe's logins? I realize that the risk is already significantly reduced since joe is just a regular user, but I'm really picky about security. Here's a funny story I heard that I think applies here: Two guys (Fred and Bill) were walking through the jungle when they noticed a cheetah stalking them. Fred bends down to tighten the shoelaces on his running shoes. Bill says, "What are you doing? You can't outrun a cheetah." Fred says, "I don't have to outrun the cheetah, I just have to outrun you." I'm just trying to take my security one step further than most people would. Hopefully it'll keep me safer than the guys behind me. -Rob ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ BackupPC-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
