Hi Chris,
On Tue, Aug 03, 2021 at 09:48:37AM +0100, Chris Green via rsync wrote:
> But how do you handle the other end to restore the root ownership etc.?
> The script has to do something like:-
>
> rsync -a /etc/ chris@remote:backups/etc/
>
> So at the remote end it only has chris' privileges.
A couple of options:
https://strugglers.net/~andy/blog/2021/04/10/rsync-and-sudo-without-x-forwarding/
Since you want to automate it I'd go with letting root log in by ssh
key only, and force the key to work only with a specific script.
Here is an example forced command that only allows rsync
https://www.guyrutenberg.com/2014/01/14/restricting-ssh-access-to-rsync/
This is still vulnerable to doing anything that rsync can do. You
can secure it further by making a script that only does the specific
things you need rsync to do, e.g. the exact parameters and paths,
and force that script instead.
Cheers,
Andy
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
