On 2015-03-15 12:40, Adam Goryachev wrote: > On 14/03/2015 22:08, Angus Kerr wrote: [...] >> #Sudoers file for backuppc user to run rsync >> >> backuppc ALL=NOPASSWD: /usr/bin/rsync >> > > Note that this will give the user root access easily enough. The user > could create the file they want in /tmp, and then use sudo rsync to > overwrite the target file (or copy a file they don't have read access to > a location they do have access, including another machine). Therefore, > this entire process is hardly worth the effort and additional complexity [...]
A lot of sources at least agree on that being unsafe. AFAIK rrsync should be the proper way and justify the effort. e.g. http://www.guyrutenberg.com/2014/01/14/restricting-ssh-access-to-rsync/ Regards, Benjamin -- FSU Jena | JULIELab.de/Staff/Benjamin+Redling.html vox: +49 3641 9 44323 | fax: +49 3641 9 44321 ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
