Hi Chris, On Tue, Aug 03, 2021 at 09:48:37AM +0100, Chris Green via rsync wrote: > But how do you handle the other end to restore the root ownership etc.? > The script has to do something like:- > > rsync -a /etc/ chris@remote:backups/etc/ > > So at the remote end it only has chris' privileges.
A couple of options: https://strugglers.net/~andy/blog/2021/04/10/rsync-and-sudo-without-x-forwarding/ Since you want to automate it I'd go with letting root log in by ssh key only, and force the key to work only with a specific script. Here is an example forced command that only allows rsync https://www.guyrutenberg.com/2014/01/14/restricting-ssh-access-to-rsync/ This is still vulnerable to doing anything that rsync can do. You can secure it further by making a script that only does the specific things you need rsync to do, e.g. the exact parameters and paths, and force that script instead. Cheers, Andy -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html