Andy Smith via rsync <rsync@lists.samba.org> wrote: > Hi Chris, > > On Tue, Aug 03, 2021 at 09:48:37AM +0100, Chris Green via rsync wrote: > > But how do you handle the other end to restore the root ownership etc.? > > The script has to do something like:- > > > > rsync -a /etc/ chris@remote:backups/etc/ > > > > So at the remote end it only has chris' privileges. > > A couple of options: > > > https://strugglers.net/~andy/blog/2021/04/10/rsync-and-sudo-without-x-forwarding/ > > Since you want to automate it I'd go with letting root log in by ssh > key only, and force the key to work only with a specific script. > > Here is an example forced command that only allows rsync > > https://www.guyrutenberg.com/2014/01/14/restricting-ssh-access-to-rsync/ > > This is still vulnerable to doing anything that rsync can do. You > can secure it further by making a script that only does the specific > things you need rsync to do, e.g. the exact parameters and paths, > and force that script instead. > Ah yes, I've done this elsewhere using 'rrsync' at the receiving end, it's another possible approach to investigate, thanks.
-- Chris Green ยท -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html