I use rsync for local backups to an external drive. I didn't like doing this 
as root, in case my misuse of the --delete option caused me to delete my 
original files.

So instead of giving a backup user read/execute on everything I want to 
back up, I did this:

groupadd backup
useradd -g backup backup

install -m0750 -g backup /usr/bin/rsync /usr/bin/rsync-backup
setcap CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH=ep /usr/bin/rsync-backup

Now the 'backup' user can read any file on the system, 
with /usr/bin/rsync-backup, but can't delete any file she doesn't own.

I also use the --chmod=go-rwx option with rsync to keep the backups a little 
more private.

robert


-- 
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
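
A check that could be run against the setup in the post above, as an added example that is not part of the original message: it parses a line of `getcap` output plus the file's mode and group, and flags any capability broader than CAP_DAC_READ_SEARCH, because capabilities(7) describes CAP_DAC_OVERRIDE as bypassing write as well as read and execute permission checks. The function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a capability-enabled rsync copy from saved text output.

# List capability names in one `getcap` line. Accepts "PATH = caps+ep"
# (older libcap) and "PATH caps=ep" (newer); set flags are dropped.
caps_of_line() {   # $1 = path, $2 = getcap output line
    rest=${2#"$1"}
    rest=${rest# = }
    printf '%s\n' "$rest" | tr 'A-Z' 'a-z' | tr ' ,' '\n\n' |
        sed -e 's/[-+=][eip]*$//' -e '/^$/d'
}

# Return 0 if only read/search bypass is granted, 1 if anything broader is,
# 2 if the line carries no capabilities.
audit_caps() {   # $1 = path, $2 = getcap output line
    caps=$(caps_of_line "$1" "$2")
    [ -n "$caps" ] || { echo "$1: no file capabilities"; return 2; }
    rc=0
    for c in $caps; do
        case $c in
            cap_dac_read_search) ;;  # read files, read and search directories
            cap_dac_override)        # capabilities(7): read, write AND execute
                echo "$1: $c also bypasses write permission checks"; rc=1 ;;
            *)  echo "$1: unexpected capability $c"; rc=1 ;;
        esac
    done
    return $rc
}

# Anyone allowed to execute the file gains its capabilities, so require no
# access for "other" and the expected group (0750 and 'backup' on this page).
audit_mode() {   # $1 = octal mode, $2 = group, $3 = expected group
    case $1 in
        *0) ;;
        *)  echo "mode $1 gives users outside the group access"; return 1 ;;
    esac
    [ "$2" = "$3" ] || { echo "group is $2, expected $3"; return 1; }
}

# Constructed sample lines, not captured from a real system.
SAMPLE_PAGE='/usr/bin/rsync-backup cap_dac_override,cap_dac_read_search=ep'
SAMPLE_READ='/usr/bin/rsync-backup = cap_dac_read_search+ep'
audit_caps /usr/bin/rsync-backup "$SAMPLE_PAGE" || true
audit_caps /usr/bin/rsync-backup "$SAMPLE_READ" && echo "read/search only"
audit_mode 0750 backup backup && echo "mode and group match the post"
```

On a live system the inputs would come from `getcap /usr/bin/rsync-backup` and `stat -c '%a %G' /usr/bin/rsync-backup`.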
