Or he could use SSH2 keys and an authorized_keys2 file,
Waxing pedantic, that really ought to be and/or. SSH2 keys are great as an added layer of security to apply some paranoia as to *what* box is calling the script, no matter what user account you're using to log in with.
allow root on forced-command-only. This would prevent root logins, but allow a single box (or boxes) to rsync in and have read-only access to a specific share. Or you could create a passwordless uid 0 user specifically for this purpose. If you were really paranoid, the
Eek. I would personally be more nervous about stray uid 0 accounts floating around or direct root logins enabled (forced-command or no) than about using sudo to call a script.
Jim Salter -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
