On Wed, Feb 13, 2008 at 4:04 PM, Eran Tromer <[EMAIL PROTECTED]> wrote:
> Better yet, you don't need to run anything other than 'tar' as root. > Just put the 'tar czf - /home' command in a suid-root binary that's > executable only be a dedicated user, say [EMAIL PROTECTED], and then: > $ rexecsync -v 'ssh [EMAIL PROTECTED]' 'path-to-suid' /backups/client.tgz Actually, the "Right Way(TM)" to do this is to setup an account with a public key which can only execute this command specified with the "command=" argument in authorized_keys (the command passed to the ssh client is ignored, see ssh(1) for more details). This doesn't even have to be a special account, you can put this public key in any account which is allowed to access ssh. This way it's less insecure to have a passphrase-less private key which can access that command. --Amos
