On Mon 18 Sep 2006, Ken Dyke wrote: > > Looking for solutions others may come up with before inventing my own. > > Sar-Ox auditors have finally gotten around to "no root login via ssh" to > their list of checkboxes. So, I need a way to run dirvish that does not > involve ssh as the root user.
A possibility may be to run rsync as a daemon? But that probably won't be accepted either... (although it's unlikely they have a checkbox for that :-) Take a look at http://www.hackinglinuxexposed.com/articles/20030115.html for usage of authprogs to limit what commands may be run with ssh; depending on how smart those auditors are you may be able to convince them that that is a safe way of using ssh as root for rsync. Otherwise you probably need to connect as some other user and use sudo (without password) to run rsync; there was some discussion on this topic over on the rsync mailing list this month. Paul Slootman _______________________________________________ Dirvish mailing list [email protected] http://www.dirvish.org/mailman/listinfo/dirvish
