Wayne Davison said: > On Thu, Oct 07, 2004 at 10:20:34AM -0600, Ryan Sommers wrote: >> Edited authorized_keys on M adding 'command="sudo /usr/local/bin/rsync >> --server --daemon ."' > > You can't start an rsync daemon and then attempt to do a non-daemon > transfer. Get rid of the "command" setting above and tell rsync to > run the remote rsync command using sudo: > > rsync -a --rsync-path='sudo rsync' [EMAIL PROTECTED]:/path/to/stuff ./local/path > > ..wayne.. >
That works. After sending the first mail I was able to get it to work by adding '-e ssh' to the command line and changing '[EMAIL PROTECTED]:/path/to/stuff' to '[EMAIL PROTECTED]::module'. What is the difference between these two methods? Advantages of one over other? Is it possible to come up with a solution such that user NP is only usable as an rsync backup? I'd like to disallow logins by that user by normal methods. And only if they provide the required RSA private key are they only allowed to execute the sudo rsync command. It seems to me that running in this manner to backup would be much more secure than allowing root Ssh logins, yet from all the googling I've done I haven't come across anything like this. Any thoughts? -- Ryan Sommers [EMAIL PROTECTED] -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
