On Tue, 09 Sep 2008 22:17:59 -0300
tyler <[EMAIL PROTECTED]> wrote:

> Hi,
>
> With some help from the good people on this list, I got a simple home
> network setup, and I'm now using it to backup my laptop to my desktop
> using rsync. I have one question though - I'm backing up /etc, /home,
> /opt, and parts of /usr and /var. I want to preserve ownership, but if I
> do the backup from my user account as:
>
> rsync -av --include-from=/home/tyler/rsync_includes /
> etch.mynetwork:/home/tyler/laptop
>
> Then the ownerships all get set to tyler tyler, even when they are
> originally root root. In order to preserve the ownerships, I have to run
> the above command as root, which requires that I configure sshd on the
> desktop to accept root logins. Even behind a NAT router, that doesn't
> seem like a good idea. Am I missing something?

A) The Debian ssh maintainer thinks that root logins should be allowed;
this is a very old argument. From the README.Debian:

> Having PermitRootLogin set to yes means that an attacker that knows
> the root password can ssh in directly (without having to go via a user
> account). If you set it to no, then they must compromise a normal user
> account. In the vast majority of cases, this does not give added
> security; remember that any account you su to root from is equivalent
> to root - compromising this account gives an attacker access to root
> easily. If you only ever log in as root from the physical console,
> then you probably want to set this value to no.
>
> As an aside, PermitRootLogin can also be set to "without-password" or
> "forced-commands-only" - see sshd(8) for more details.
>
> DO NOT FILE BUG REPORTS SAYING YOU THINK THIS DEFAULT IS INCORRECT!
>
> The argument above is somewhat condensed; I have had this discussion
> at great length with many people. If you think the default is
> incorrect, and feel strongly enough to want to argue about it, then
> send email to [EMAIL PROTECTED] I will close bug reports
> claiming the default is incorrect.

B) Fakeroot can apparently more or less do what you want; install it,
and read README.saving. It claims to be usable with rsync to do exactly
what you want (although it says that "it will not work perfectly"); I
haven't tried it.

> Tyler

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
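
Added example, not part of the original thread: one way to use the "forced-commands-only" value that the quoted README.Debian mentions, so that root on the desktop accepts only a key pinned to a restricted rsync. The rrsync helper path, the key file name /root/.ssh/backup_key, the key comment and the public-key placeholder are assumptions; check where your rsync package installs rrsync.

```conf
# --- Desktop (etch.mynetwork): /etc/ssh/sshd_config ---
# The setting the question wants to avoid: root may log in with a
# password (if password authentication is enabled) or any authorized key.
#PermitRootLogin yes
# Restricted alternative: root may log in only with a public key whose
# authorized_keys entry carries a command="..." option.
PermitRootLogin forced-commands-only

# --- Desktop: /root/.ssh/authorized_keys (a single line) ---
# Whatever the client requests, sshd runs only the forced command.
# rrsync (assumed to live at /usr/bin/rrsync) confines rsync to the one
# backup directory; the extra options disable terminals and forwarding.
command="/usr/bin/rrsync /home/tyler/laptop",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY-PLACEHOLDER> laptop-backup

# --- Laptop: run as root so every file under /etc, /var, ... is readable ---
# The destination path is relative to the directory given to rrsync.
# /root/.ssh/backup_key is an assumed name for a key used only for this job.
#
#   rsync -av -e "ssh -i /root/.ssh/backup_key" \
#       --include-from=/home/tyler/rsync_includes / root@etch.mynetwork:.
```

Reload sshd after editing sshd_config; if the file contains more than one PermitRootLogin line, the first one is the value sshd uses.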