Re: how should I (best practice) set up permissions for rsync ?
On Wed, 2006-01-11 at 03:47, user wrote: > On Wed, 11 Jan 2006, Wojciech Puchar wrote: > > > > Hi, > > > > > > I want to rsync /usr/home from one machine to another, for purposes of > > > backup. > > > > > > > i do: > > > > rsync -e "rsh" -avzrlHpogDtS --delete --delete-excluded --force > > \ --exclude-from=../$1-exclude [EMAIL PROTECTED]:/ . > > > > where $1 is server name > > > Yeah ... I know how to do that ... I wasn't asking how to rsync it, I was > asking how I could: > > a) keep remote root logins _disabled_ > > and > > b) keep default freebsd permissions on the /usr/home directory > > and still do the rsync ... in your example, you are remotely logging in as > root, which I want to avoid. > > Any suggestions ? If you don't want to log on as root, then you can run a rsync as each user as say a user cron job. Just a thought Rob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: how should I (best practice) set up permissions for rsync ?
user wrote: I want to rsync /usr/home from one machine to another, for purposes of backup. This would be a cinch if I just rsyncd -e ssh, as user "root" from one machine to another. The cron job runs with root perms, and the destination machine gets logged into as root and can write into the destination /usr/home. However, I sort of like the idea that root cannot ssh directly into a freebsd machine, by default. I am inclined not to change this. I also would like to keep default /usr/home permissions as they are. 1st: you could reverse the connection so the backup machine fetches from the server, this means that the user that logs into the server only need read access. 2nd: maybe you want to have incremental backups so you can go back a number of days? I don't know your system, but it happens that users delete some vital file and don't get it restored right away. You can create a tar-archive preserving owner, group and permissions. In that case, your server should push the archive to the backup host otherwise you may get problems with clocks not being in sync or backup on the server not finishing before the backup is fetched. The advantage is that you can create the tar archive as root, change owner/group and send it to the backup host using ssh and login to a restricted account. I worked as an administrator, the backup policy was: * full backup on tape on weekdays, that is at night when activity is low, change tape every day * backup only changes during weekends, same tape (the friday tape) * latest two backup tapes stored on external site * tapes cycled with 2 weeks interval, every fortnight the daily backup was queued in the two week backup line with longer storage time before the tape was recycled. Now, this is a quite expensive backup policy. Just FYI. Cheers, Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: how should I (best practice) set up permissions for rsync ?
On Wed, 11 Jan 2006, Wojciech Puchar wrote: > > Hi, > > > > I want to rsync /usr/home from one machine to another, for purposes of > > backup. > > > > i do: > > rsync -e "rsh" -avzrlHpogDtS --delete --delete-excluded --force > \ --exclude-from=../$1-exclude [EMAIL PROTECTED]:/ . > > where $1 is server name Yeah ... I know how to do that ... I wasn't asking how to rsync it, I was asking how I could: a) keep remote root logins _disabled_ and b) keep default freebsd permissions on the /usr/home directory and still do the rsync ... in your example, you are remotely logging in as root, which I want to avoid. Any suggestions ? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: how should I (best practice) set up permissions for rsync ?
Hi, I want to rsync /usr/home from one machine to another, for purposes of backup. i do: rsync -e "rsh" -avzrlHpogDtS --delete --delete-excluded --force \ --exclude-from=../$1-exclude [EMAIL PROTECTED]:/ . where $1 is server name you may of course change rsh to ssh, and / to /usr/home :) this does EXACT copy, while it is possible it can be done better ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
how should I (best practice) set up permissions for rsync ?
Hi, I want to rsync /usr/home from one machine to another, for purposes of backup. This would be a cinch if I just rsyncd -e ssh, as user "root" from one machine to another. The cron job runs with root perms, and the destination machine gets logged into as root and can write into the destination /usr/home. However, I sort of like the idea that root cannot ssh directly into a freebsd machine, by default. I am inclined not to change this. I also would like to keep default /usr/home permissions as they are. So how should I do this ? Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"