Les Mikesell wrote at about 16:30:35 -0500 on Thursday, May 21, 2009:
 > Skip Guenter wrote:
 > > 
 > > When I do: "sudo su backuppc"
 > > followed by: "ssh -x -l backuppc c17-desktop date"
 > > I get: "ssh: connect to host c17-desktop port 22: Connection refused"
 > > Which I believe y'all are telling me is because I don't have ssh-keys
 > > set up correctly.
 > 
 > No, you haven't gotten that far.  Connection refused means you don't 
 > have a listening sshd running or a firewall is blocking port 22.  If 
 > your keys aren't right you'll normally just get a password prompt.
 > 
 > > I do have user backuppc set up to be able to run rsync w/o a password
 > > via: "sudo visudo" 
 > > which shows: 
 > > # User privilege specification
 > > root     ALL=(ALL) ALL
 > > backuppc ALL=NOPASSWD: /user/bin/rsync
 > 
 > You can skip ssh for local backups if you use another way to get root 
 > access.
 > 

I similarly don't use ssh on my local server for two reasons:
1. ssh adds unnecessary encryption (and depending on your
   configuration also compression) overhead that is not necessary on your
   local system where there is no remote link traffic. Why add an
   unnecessary tunnel?

2. giving ssh root-level access (necessary to read/write all files)
   *seems* more dangerous than letting user 'backuppc' run
   'rsync' as root. Now I know that technically if you can read/write
   a file with rsync then you can easily get root access but it just
   seems tighter and neater that way to limit unnecessary
   privileges. Also, technically you only need the ability for 'rsync'
   to *read* files as root as long as you are doing just backups (and
   not restores).

   I believe the following sudoer line restricts the rsync mode to
   sender so that you are only giving rsync root permission to read
   (not write) files. 

   backuppc        ALL=NOPASSWD: /usr/bin/rsync --server --sender *


 > -- 
 >    Les Mikesell
 >     lesmikes...@gmail.com
 > 
 > 
 > 
 > 
 > ------------------------------------------------------------------------------
 > Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
 > is a gathering of tech-side developers & brand creativity professionals. Meet
 > the minds behind Google Creative Lab, Visual Complexity, Processing, & 
 > iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
 > Group, R/GA, & Big Spaceship. http://www.creativitycat.com 
 > _______________________________________________
 > BackupPC-users mailing list
 > BackupPC-users@lists.sourceforge.net
 > List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
 > Wiki:    http://backuppc.wiki.sourceforge.net
 > Project: http://backuppc.sourceforge.net/
 > 
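The sudoers restriction discussed in this message, as an added example that is not part of the original post or of BackupPC: a small Python check that reads the two `backuppc` rules quoted in the thread and reports whether a backup-style (`--server --sender`) and a restore-style (`--server` only) rsync command line would be permitted. The sudoers parsing is a simplified one-command-per-line model, the matching is an approximation of sudo's wildcard handling, and the sample command lines and helper names are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample: the sudoers lines quoted in the thread.
SAMPLE_SUDOERS = """\
# User privilege specification
root     ALL=(ALL) ALL
backuppc ALL=NOPASSWD: /user/bin/rsync
backuppc        ALL=NOPASSWD: /usr/bin/rsync --server --sender *
"""

# Constructed command lines: a backup (rsync sends) and a restore (rsync receives).
BACKUP = ["/usr/bin/rsync", "--server", "--sender", "--numeric-ids", "--recursive", ".", "/"]
RESTORE = ["/usr/bin/rsync", "--server", "--numeric-ids", "--recursive", ".", "/"]

# Assumed simplified grammar: user host=[(runas)] [NOPASSWD:] command, one per line.
RULE = re.compile(r"^(\S+)\s+\S+?=\s*(?:\([^)]*\)\s*)?(?:NOPASSWD:\s*)?(.+)$")


def rsync_rules(text, user="backuppc"):
    """Return (path, argument pattern or None) for each rsync rule granted to user."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if line.lstrip().startswith("#") or not m or m.group(1) != user:
            continue
        path, _, args = m.group(2).strip().partition(" ")
        if path.rsplit("/", 1)[-1] == "rsync":
            rules.append((path, args.strip() or None))
    return rules


def permits(rule, argv):
    """Simplified model of sudo matching: exact path, then the joined arguments
    against the pattern as one string (so '*' also spans spaces)."""
    path, pattern = rule
    if argv[0] != path:
        return False
    if pattern is None:  # no arguments listed in sudoers: any arguments accepted
        return True
    return fnmatch.fnmatchcase(" ".join(argv[1:]), pattern)


def allowed(text, argv):
    """True if any backuppc rsync rule in the sudoers text permits argv."""
    return any(permits(rule, argv) for rule in rsync_rules(text))


if __name__ == "__main__":
    for name, argv in (("backup", BACKUP), ("restore", RESTORE)):
        print(name, "allowed" if allowed(SAMPLE_SUDOERS, argv) else "denied")
```

With the sample rules, the sender-mode command is allowed and the receiver-mode command is denied; a rule that lists only the rsync path with no arguments would accept both.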
