Hi Martin,

Thanks for the speedy response.

The backup server is behind a NAT firewall and the production server is on
the Internet. The problem is the public IP address of the backup server
changes all the time. So this rules out the possibility of rsync from the
production server connecting back to the backup server.

Your last proposed method is interesting. If it does what I think it does,
we initiate rsync from the backup server, connecting to the production
server to a non-root user ID, and run rsync on the production server under
a root user ID. Then this should work.

Regards,
Kwok Hoe



> -----Original Message-----
> From: Martin Pool [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 17, 2001 12:24 PM
> To: Kwok Hoe Chan
> Cc: [EMAIL PROTECTED]
> Subject: Re: Rsync the entire server HD through SSH
>
>
> On 17 Jul 2001, Kwok Hoe Chan <[EMAIL PROTECTED]> wrote:
>
> > Firstly, I must comment that rsync is the best file sync I have ever
> > come across. Especially for its simplicity and feature pack.
>
> Thanks!
>
> > Previously I was running rsync as a server on one end and a connecting
> > client. This enabled me to do a remote backup of the entire HD monthly.
> >
> > Now, for my two cents question. How do I set up rsync such that it is
> > able to do an rsync of my entire HD (this includes all directories owned
> > and readable by root only)? Our current ssh setting is to disallow root
> > login through ssh (security reasons). I have tried setting up the
> > authorized_keys but it doesn't work.
>
> rsync doesn't have a way to get around your OS security restrictions.
> If the files are only readable as root, then rsync on that machine
> must run as root to read them.
>
> There are several ways you can achieve that, depending on your
> security architecture:
>
>   * use a 'push' rather than 'pull' setup, so that you log in as root
>     on the source machine and start rsync there
>
>   * allow root login with authorized keys
>
>   * allow root login with authorized keys through a special sshd that
>     runs on a different port and only accepts connections from
>     specified machines
>
>   * allow your userid on the machine to sudo to root with no password,
>     and use something like
>
>      rsync -e ssh --rsync-path 'sudo /usr/bin/rsync' mbp@remote:/ \
>      /backup/remote
>
> There are many other possibilities...
>
> --
> Martin
> VA Linux Systems
>
>
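
Added example, not part of the original thread: a passwordless `sudo /usr/bin/rsync` is root-equivalent for whoever holds the backup key, so one way to narrow the last option is an SSH forced command that only lets that key run rsync as the sending side of a pull. The wrapper path, the authorized_keys and sudoers lines, and the `--numeric-ids` allowlist are assumptions for illustration; `mbp` is the account from Martin's command, and paths containing spaces are not supported.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the unprivileged backup login.
# Hypothetical install path: /usr/local/bin/rsync-pull-only
# Assumed authorized_keys entry for the backup key (key material elided):
#   command="/usr/local/bin/rsync-pull-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa ...
# Assumed sudoers entry: mbp ALL=(root) NOPASSWD: /usr/bin/rsync
# sshd runs this script instead of the client's request and passes the
# request in SSH_ORIGINAL_COMMAND.

PREFIX='sudo /usr/bin/rsync --server --sender '

# Succeeds only for a read-only pull request.
is_allowed_pull() {
    # Plain characters only: no quotes, globs, newlines or shell operators.
    case "$1" in
        *[!A-Za-z0-9[:blank:]./_=,:@+-]*) return 1 ;;
    esac
    # "--server --sender" is what the remote end receives when it is the
    # source of a pull; without --sender it would be writing files as root.
    case "$1" in
        "$PREFIX"*) ;;
        *) return 1 ;;
    esac
    # Refuse other long options (e.g. --remove-source-files) except an allowlist.
    for word in ${1#"$PREFIX"}; do
        case "$word" in
            --numeric-ids) ;;
            --*) return 1 ;;
        esac
    done
    return 0
}

if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_pull "$SSH_ORIGINAL_COMMAND"; then
        # Unquoted on purpose: split on whitespace and exec directly, no eval.
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rsync-pull-only: rejected request" >&2
    exit 1
fi
```

With this in place the backup server still runs Martin's command unchanged; a request to write to the production server, or to run anything other than rsync, is refused before sudo is reached.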

