according to this link: http://backuppc.sourceforge.net/faq/ssh.html#how_can_client_access_as_root_be_avoided
the /etc/sudoers line should have looked like this: user_with_sudo_rights ALL=NOPASSWD: /usr/bin/rsync --server --sender * -Rob Yaakov Chaikin wrote: > Which of the config directive needs to change for the "sudo" part and > how would it look? Could you give an example? > > Thanks, > Yaakov. > > On 7/18/07, Rob Owens <[EMAIL PROTECTED]> wrote: >> If you're going to connect to the host as root, then no changes to >> config.pl are needed. If you're going to connect to the host as a >> regular user, and use sudo, then config.pl needs to change. You need to >> replace "root" with the username you want to connect with. And you need >> to throw a "sudo" in front of the rsync command. >> >> -Rob >> >> Yaakov Chaikin wrote: >> > Would this require a different configuration within the config.pl >> > file(s) within BackupPC itself? Or as far as BackupPC is concerned the >> > configuration can stay the same as if it has exchanged the rsa keys >> > with the user 'root'? >> > >> > Thanks, >> > Yaakov. >> > >> > On 7/13/07, Rob Owens <[EMAIL PROTECTED]> wrote: >> >> Keith Edmunds wrote: >> >> > On Fri, 13 Jul 2007 09:39:15 -0400, [EMAIL PROTECTED] said: >> >> > >> >> > >> >> >> The user would need read-access to everything (in order to backup >> >> /home >> >> >> and some files in /etc), preferably without being able to run >> >> commands >> >> >> other than rsync. How would I achieve this? >> >> >> >> >> > >> >> > By using sudo (as I said). Sudo runs the program specified with >> root >> >> > privileges - we backup lots of servers this way. >> >> > >> >> > Keith >> >> I'm familiar with sudo. I guess I'd specify in /etc/sudoers that >> user >> >> "joe" is allowed to run: >> >> 1) rsync <options> /share1 >> >> and >> >> 2) rsync <options> /share2 >> >> >> >> Is there a way to use the forced-commands feature of ssh to further >> >> limit joe's logins? I realize >> >> that the risk is already significantly reduced since joe is just a >> >> regular user, but I'm really picky about security. >> >> >> >> Here's a funny story I heard that I think applies here: >> >> Two guys (Fred and Bill) were walking through the jungle when they >> >> noticed a cheetah stalking them. Fred bends down to tighten the >> >> shoelaces on his running shoes. Bill says, "What are you doing? You >> >> can't outrun a cheetah." Fred says, "I don't have to outrun the >> >> cheetah, I just have to outrun you." >> >> >> >> I'm just trying to take my security one step further than most people >> >> would. Hopefully it'll keep me safer than the guys behind me. >> >> >> >> -Rob >> >> >> >> >> ------------------------------------------------------------------------- >> >> >> >> >> This SF.net email is sponsored by DB2 Express >> >> Download DB2 Express C - the FREE version of DB2 express and take >> >> control of your XML. No limits. Just data. Click to get it now. >> >> http://sourceforge.net/powerbar/db2/ >> >> _______________________________________________ >> >> BackupPC-users mailing list >> >> [email protected] >> >> https://lists.sourceforge.net/lists/listinfo/backuppc-users >> >> http://backuppc.sourceforge.net/ >> >> >> ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ BackupPC-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
