On Sun, 2010-02-14 at 20:04 +1100, James Gray wrote: > On 13/02/2010, at 11:42 AM, Ken Foskey wrote: > > I use a simpler approach and to some extent more flexible. > > > > I create a script in a known directory, for > > example /usr/sbin/run_copy.sh. I then only authorise the admin group to > > run only that specific script. This keeps complicated command lines to > > a minimum. > > > > The run_copy command might for example do a tar of the specified files. > > You can then pipe that tar across the link to the recipient system. I > > would write another script to untar into a working set, verify the copy > > somehow then install it using another script. > > > > visudo add this line > > > > # allow admin group to run the rsync script > > %admin ALL=NOPASSWD: /usr/sbin/run_copy.sh > > Hi Ken, > > Thanks for the suggestion. Unfortunately this incurs the penalty of copying > everything, every time (unless I missed something). Hence the desire to use > rsync. I guess if I didn't do anything "special" (like encrypting) the tar > ball, rsync could still handle the deltas with a certain degree of > efficiency, but it would mean doing an update on the tar file each time. > Total data requiring synchronisation is approx 12GB, every 15-30min...that's > a heck of a lot of I/O and network bandwidth if rsync doesn't do a stellar > job. I also noticed a "--super" option in the rsync manual, but I don't > really understand how this works or what it achieves. > > On the upside, I've had an e-mail discussion with the notoriously suspicious > "Security Team" and they have agreed (in principle) to relaxing the "no > remote root login" by allowing the use of "PermitRootLogin > Forced-Commands-Only" in sshd_config coupled with the method described here > http://troy.jdmz.net/rsync/index.html - sanity and sensibility prevail. > > Now to go through the motions of change control and security approval. Ugh. > Why is nothing easy? :( > > Thanks for all the input people. > > Cheers, > > James
You can still use rsync. You just write rsync command in the script as per above. Ta Ken -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html