The obvious (and bad) idea is to use a suid rsync on the remote end. 
Fortunately, rsync notices that, and refuses to act like root unless it 
was invoked by a root-owned process.  Hack it if you want.

If you're comfortable with this, write a wrapper on the remote that does a 

    sudo /usr/local/bin/rsync "$@"

and point to that wrapper with the --rsync-path= option.  I think the 
password prompt will come through stderr so you can respond to it - test 
it for yourself.  I doubt you want to leave a passwordless sudo open, but 
that may be the only way.

The safest (in my opinion) alternative that permits unattended operation 
is to expose the stuff you want to back up via a rsyncd, read-only, 
chrooted, password-protected, non-listed root-uided module.
If you have confidential information that will be exposed through this 
module, and your company's policy doesn't permit telnet (sniffable 
passwords and uids), you probably don't want to do this.  Next is same, 
but add hosts allow = localhost, and get it through an ssh tunnel. That'll 
hide the rsync authentication, AND your data.
Regardless, don't make the uid:password combo for the module 
"root:rootspassword".  It'll be root access, but highly limited - no point 
in letting that little hole be a big one.

Tim Conway
Unix System Administration
Contractor - IBM Global Services
[EMAIL PROTECTED]
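
The module described in the reply above, written out as a constructed rsyncd.conf together with a small checker for the same checklist. This is an added example, not part of the original message; the module name "homebackup", the user "bkpuser" and the secrets path are assumptions.

```shell
# Constructed sample rsyncd.conf for the module described above. The module
# name, the user "bkpuser" and the secrets path are assumptions.
sample_conf() {
cat <<'EOF'
[homebackup]
    path = /home
    read only = yes
    use chroot = yes
    list = no
    uid = root
    gid = root
    auth users = bkpuser
    secrets file = /etc/rsyncd.secrets
    hosts allow = localhost
EOF
}

# audit_module NAME < rsyncd.conf
# Prints one FAIL line per departure from the checklist and returns non-zero.
# Settings must be explicit in the module: defaults and globals are ignored.
audit_module() {
    awk -v want="$1" '
        function flag(k,   v) {          # normalise rsync boolean spellings
            v = tolower(conf[k])
            if (v == "true" || v == "1") v = "yes"
            if (v == "false" || v == "0") v = "no"
            return v
        }
        function fail(msg) { print "FAIL: " msg; bad = 1 }
        /^[ \t]*(#|$)/ { next }          # comments and blank lines
        /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); in_mod = ($0 == want); next }
        in_mod && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            conf[k] = v
        }
        END {
            if (flag("read only") != "yes")  fail("read only must be yes")
            if (flag("use chroot") != "yes") fail("use chroot must be yes")
            if (flag("list") != "no")        fail("list must be no")
            if (conf["auth users"] == "")    fail("auth users is not set")
            if (conf["secrets file"] == "")  fail("secrets file is not set")
            if (conf["hosts allow"] !~ /^(localhost|127\.0\.0\.1)$/)
                fail("hosts allow must be loopback only")
            if (conf["auth users"] ~ /(^|[ ,])root([ ,:]|$)/)
                fail("auth users reuses the name root")
            exit bad + 0
        }'
}
```

Run it as `sample_conf | audit_module homebackup`, or feed it the daemon's real configuration file on stdin. The last check only catches the user name; that the module password differs from root's still has to be confirmed by hand.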




CLIFFORD ILKAY <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
03/17/2004 01:09 AM

To: [EMAIL PROTECTED]
cc:
Subject: Backing Up Files I Don't Own

Hi,

I need to back up all of /home on a remote server for which I have root 
access but cannot (and will not) do root logins via ssh. Of course if I 
attempt to rsync files that I don't own, rsync skips over them. My account 
is allowed to sudo, if that helps. How can I use rsync to do the 
following:

rsync -av --compress --progress --delete -e [EMAIL PROTECTED]:/home 
/home/buForSomeRemoteServer



-- 
To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
