On Sat, Sep 11, 2010 at 05:15:50PM -0400, Hal Vaughan wrote:
> I will be working with a server on the Internet that uses rsync and is
> running Debian. I will be setting up initial /etc/rsyncd.conf and
> /etc/rsyncd.secrets files on it. But along the way, whenever a new user is
> added, they'll need to be updated. I can use ssh on this system, but, of
> course, I don't want to allow root access.
>
> I'd like to be able to have these files updated automatically when I add a
> new user to another system. I could create new copies of the files locally,
> where the users are added and use scp to copy them to a directory on the
> server. But that's where there are problems. How can I chown the files to
> root, copy them to /etc, and chmod as needed for rsync to use them
> automatically?
>
> I don't see a way to do that without security issues. I need to somehow ssh
> in and do an su or run three commands as sudo (I need to mv the file, chown
> it, and chmod it).
>
> I am far from an expert in security, but I can see that if I have anything in
> place to make this easy, then anyone hacking my user account could easily
> mess up anything in the system.
>
> Is there some way I can set this up so I can update rsyncd.conf and
> rsyncd.secrets only automatically when I have the newer versions on my local
> system to be uploaded?
>

When using ssh keys to log in, you can specify (in ~/.ssh/authorized_keys) a
command which will automatically run when that key is used to log in. And that
key will be useless to do anything else. Simply using that key to connect to
the remote server will run that command.

The authorized_keys file would look something like this:

    command="/path/to/my/script" ssh-rsa AAAAB3NzaC1yc2EAAA.... m...@myhost

You could use this to ssh into the remote server as root, or as a user with
very specific sudo privileges that will allow your script to run. (The script
would perform the file changes you need done, or simply rsync them from your
local machine).

-Rob

Archive: http://lists.debian.org/20100912145107.ga29...@aurora.owens.net
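
One way the forced-command script described above could look, as an added example that is not part of the original message. The script path, the `--run` argument and the staging directory are assumptions, and the new files are assumed to have already been copied into the staging directory by other means.

```shell
#!/bin/sh
# Added example: forced-command target for a key listed in authorized_keys as
#   command="/usr/local/sbin/update-rsyncd --run",no-pty,no-port-forwarding ssh-rsa AAAA...
# Script path and STAGE_DIR are hypothetical; adjust to the real layout.
STAGE_DIR="${STAGE_DIR:-/home/upload/staging}"   # where the new copies were dropped (assumed)
DEST_DIR="${DEST_DIR:-/etc}"

# Only a non-empty regular file (not a symlink) is accepted from staging.
validate_staged() {
    f="$1"
    [ -f "$f" ] && [ ! -L "$f" ] && [ -s "$f" ] || return 1
}

# rsyncd.secrets must not be readable by others (rsyncd "strict modes" default).
mode_for() {
    case "$1" in
        rsyncd.secrets) echo 600 ;;
        rsyncd.conf)    echo 644 ;;
        *) return 1 ;;
    esac
}

update_rsync_files() {
    # sshd puts whatever the client asked to run in SSH_ORIGINAL_COMMAND.
    # It is never executed here; any such request is refused outright.
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        echo "this key only updates the rsync files" >&2; return 2
    fi
    # Check both files before touching DEST_DIR so a bad upload changes nothing.
    for name in rsyncd.conf rsyncd.secrets; do
        validate_staged "$STAGE_DIR/$name" || { echo "rejected: $name" >&2; return 1; }
    done
    for name in rsyncd.conf rsyncd.secrets; do
        mode=$(mode_for "$name") || return 1
        if [ "$(id -u)" -eq 0 ]; then
            install -o root -g root -m "$mode" "$STAGE_DIR/$name" "$DEST_DIR/$name" || return 1
        else   # unprivileged trial run: same modes, ownership left alone
            install -m "$mode" "$STAGE_DIR/$name" "$DEST_DIR/$name" || return 1
        fi
    done
}

if [ "${1:-}" = "--run" ]; then
    update_rsync_files
    exit $?
fi
```

Pointing STAGE_DIR and DEST_DIR at scratch directories lets the script be exercised as an ordinary user before the key is installed for root.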