On 2/8/06, Ken Irving <[EMAIL PROTECTED]> wrote: > I'm using rsnapshot, which uses rsync over ssh, and "pull" backups to > the backup server running as root, but I connect to the backup machines > as an ordinary user. I use keychain to help automate ssh-agent for > authentication, so I need to connect to the backup host after it boots in > order to authenticate the keys. By connecting as a regular user I don't > get backups of files that aren't world-readable (other than that user's of > course), but ownership and permissions are preserved on the backup host. > > Ken
I do the opposite. I let the remote servers log in, using a modified rsnapshot, as regular users, and built a .so (LD_PRELOAD'd) that remaps the various chown, chmod, rename, chdir, etc functions so you can write them out to a file. This way you can back up every file from multiple servers without giving out root access to everyone. It ain't perfect -- specifically, rsync chown's and chmod's temporary files before renaming them into place, so you have to figure out the real filename for the chown/chmod commands. That's just a perl script away, but I haven't done that yet. It's a total hack, but rsnapshot is a pretty slick way to do snapshots.
