On 06/20/2012 10:40:57 PM, Kevin Korb wrote:
> On 06/20/12 21:53, Karl O. Pinc wrote:
> > On 06/20/2012 05:29:09 PM, Kevin Korb wrote:
> > Somehow or another you need root access on the remote side in order
> > to properly set permissions.
> Not permissions, ownership.
Quite right. I shouldn't be writing emails when otherwise occupied.
Sorry.
> > rsync -av -e "ssh -l ssh-user" rsync-user@host::module /dest
>
> Now you are talking rsyncd over ssh. Still as root. The benefit is
> minimal at best.
My point here is to show the '-e "ssh -l ssh-user"', allowing the local
end to be non-root while the remote end is root; an example invocation
independent of whether rrsync is the command
executed on the remote end or not. (I'm a bit confused.
Minimal as compared to what, rrsync?)
I agree that rrsync is probably the best option for
the original poster's use case, at least if he
wants to stick with userspace solutions. I agree that command=
I supplied at the top of my post does not provide
much in the way of security on the remote end, short
of using chroot in rsyncd.conf. I should have
been more careful in writing the post.
The "right way", ideally, avoids all the kludgeyness of restricted
shell-like things, chroots, and so forth, and instead
uses a linux container (lxc) on the remote side for every
user on the local side. The local user would connect
in as root to the remote container and the container
would prevent shenanigans. It's what containers
are for. How much sense this makes for RH 5 I can't say.
Karl <k...@meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
