Just a short heads-up on how I did it now; you guys might want to share your opinion on the security of this scenario.

machine A (from where I want to pull files):
- root can't log in over ssh
- sync user can only connect with auth key and from host B
- sync user is allowed to run rsync without pw (sudoers file)

machine B (from where the rsync is initiated):
- root can't log in over ssh
- sync user's private key is here
- sync user can log in with pw

Info on the network setup

Machine A is only reachable from a firewall machine (not machine B!)
From the firewall you can't log in as the sync user on machine A (as mentioned above)
The firewall directs traffic from outside only to machine A
Of course you can't log in as root on the firewall

So in my opinion it should be okay to give the sync user the right to run rsync with no passwd.

And since we don't live in a world where we can secure something 100%, I think the approach here is still acceptable.

But since there are a lot of more experienced people out there (when it comes to security), I'm open to other suggestions.

Regards

On 19.08.2014 17:14, Joseph Borg wrote:
Wouldn't something like duplicity work better for you in this case?

Regards

Sent from my iPad

On 19 Aug 2014, at 16:53, Markus Rosjat <ros...@ghweb.de> wrote:

On 19.08.2014 16:40, Erling Westenvik wrote:
On Tue, Aug 19, 2014 at 04:27:11PM +0200, Markus Rosjat wrote:
Is there any other thing I miss with the sudo approach?
Check out --usermap, --groupmap and --chown in the man page. Haven't
tried them myself but AFAIK these options were added to rsync(1) late in
2013 or early in 2014.
This may work on a one-file or user-directory basis, but if I want to sync a location like /var/www/htdocs this will be a bit overkill, and no, I don't want to write a script for this if I can avoid it.

--
Vennlig hilsen/Kind regards
Erling Westenvik
--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before you
print it, think about your responsibility and commitment to the ENVIRONMENT


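Added example, not from this thread and not rsync's own rrsync helper: one way to make the "sync user may run rsync via sudo without a password" rule from the first message narrower than a bare NOPASSWD entry, which on its own would let that account read and write any file on machine A as root. The sketch is a forced-command wrapper tied to the sync user's key on machine A (matching the "only with auth key and only from host B" point in the setup): sshd runs the wrapper instead of whatever the client asked for, the wrapper checks the requested rsync server command token by token, and only a read-only pull of one fixed tree is handed to sudo. The user name, host B address, paths, file names and the sudoers line are assumptions.

```shell
#!/bin/sh
# rsync-pull-guard: forced-command wrapper for the "sync" user's key on
# machine A. Added example, not from the thread and not rsync's rrsync script.
#
# Assumed (hypothetical) setup on machine A:
#
#   ~sync/.ssh/authorized_keys   (key usable only from host B, only via this wrapper)
#     from="192.0.2.10",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/local/bin/rsync-pull-guard" ssh-ed25519 AAAA...PLACEHOLDER sync@B
#
#   /etc/sudoers.d/sync   (mode 0440)
#     sync ALL=(root) NOPASSWD: /usr/bin/rsync --server --sender *
#
# Pull command run on machine B:
#   rsync -a --rsync-path="sudo rsync" sync@A:/var/www/htdocs/ /srv/backup/htdocs/
#
# sshd ignores the command the client asked for and runs this script instead,
# with the original request in SSH_ORIGINAL_COMMAND.

ALLOWED_SRC="/var/www/htdocs/"   # the only tree the sync user may pull (constructed)

# check_rsync_cmd "<requested command>"
# Returns 0 only for a read-only rsync server invocation of ALLOWED_SRC:
#   [sudo] rsync --server --sender -<flags> . /var/www/htdocs/
# Every token is checked, so extra options, other paths or shell
# metacharacters are rejected instead of being swallowed by a wildcard.
check_rsync_cmd() {
    set -f                      # no globbing while splitting into words
    set -- $1
    set +f
    if [ "${1:-}" = "sudo" ]; then shift; fi
    [ $# -eq 6 ] || return 1
    case "$1" in
        rsync|/usr/bin/rsync) ;;
        *) return 1 ;;
    esac
    [ "$2" = "--server" ] || return 1
    [ "$3" = "--sender" ] || return 1     # --sender: machine A only ever sends
    flags=${4#-}
    [ "$flags" != "$4" ] || return 1      # must start with a single dash
    case "$flags" in
        ""|*[!A-Za-z.]*) return 1 ;;      # rsync's compact flag word only, e.g. logDtpre.iLsfxC
    esac
    [ "$5" = "." ] || return 1
    [ "$6" = "$ALLOWED_SRC" ] || return 1
    return 0
}

# run_guard: validate SSH_ORIGINAL_COMMAND and exec the rsync server via sudo,
# re-assembled from the checked tokens rather than passed through as received.
run_guard() {
    req=${SSH_ORIGINAL_COMMAND:-}
    if ! check_rsync_cmd "$req"; then
        printf 'rsync-pull-guard: rejected request: %s\n' "$req" >&2
        exit 1
    fi
    set -f
    set -- $req
    set +f
    if [ "$1" = "sudo" ]; then shift; fi
    exec sudo /usr/bin/rsync --server --sender "$4" . "$ALLOWED_SRC"
}

# Act as the forced command only when sshd handed us a request; when the file
# is run by hand, only the functions are defined.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    run_guard
fi
```

Two points on the design: the compact flag word rsync sends (the "-logDtpre.iLsfxC" part) varies with the rsync version and the client's options, so the wrapper accepts any plain flag word but fixes every other token, including the source path. The "*" in the sudoers line matches spaces as well, so that rule must not be the only control; it only has to agree with the single command line this wrapper can produce. The wrapper also only helps as long as the key is the sync user's sole way onto machine A (no password login there, as in the setup above), because a local shell could call sudo rsync directly.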