Rsync mirror without root

From FBSD_tips


Enabling root logins in sshd is a bad idea, yet many people do it. One reason is that mirroring a file system properly requires UID 0 on the source of the mirror in order to read everything. This alternative method removes the need to allow root over ssh and takes only a little trouble to set up.

Software

On the remote machine, install sudo and rsync:

pkg_add -r sudo
pkg_add -r rsync

Also install rsync on the local machine.

Configuration

Then add a user, rsyncuser, on the remote machine you wish to mirror:

> adduser
Username: rsyncuser
Full name:
Uid (Leave empty for default): 1005
Login group [rsyncuser]:
Login group is rsyncuser. Invite rsyncuser into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash nologin) [sh]:
Home directory [/home/rsyncuser]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username   : rsyncuser
Password   : *****
Full Name  :
Uid        : 1005
Class      :
Groups     : rsyncuser
Home       : /home/rsyncuser
Shell      : /bin/sh
Locked     : no
OK? (yes/no): y
adduser: INFO: Successfully added (rsyncuser) to the user database.
Add another user? (yes/no): n
Goodbye!

Then add this to /usr/local/etc/sudoers:

User_Alias RUS = rsyncuser
Cmnd_Alias RSY = /usr/local/bin/rsync
RUS ALL = NOPASSWD: RSY

Now, on the local machine you wish to mirror to, run rsync, logging in to the remote machine as rsyncuser, with the additional option --rsync-path="/usr/local/bin/sudo /usr/local/bin/rsync" so that the remote rsync is started through sudo.

Testing

An example might look like:

rsync -avP \
--rsync-path="/usr/local/bin/sudo /usr/local/bin/rsync" \
--backup \
--backup-dir=/backup/location/YEAR/MONTH/DAY/ \
rsyncuser@${REMOTEHOST}:/usr /backup/location/usr

where YEAR, MONTH and DAY are replaced with something meaningful.
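
The sudoers rule above lets any login as rsyncuser run rsync as root with arbitrary arguments, which includes writing files on the remote machine. As an added example (not part of the original page), this forced-command wrapper for rsyncuser's SSH key accepts only the read-only pull that the command above produces; the script path, the authorized_keys line and ALLOWED_ROOT are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for rsyncuser's key on the remote machine.
# Assumed install path and authorized_keys line (not from the page):
#   command="/usr/local/sbin/rsync-pull-only",no-pty,no-port-forwarding <public key>
LC_ALL=C; export LC_ALL
PREFIX='/usr/local/bin/sudo /usr/local/bin/rsync --server --sender '
ALLOWED_ROOT='/usr'    # assumption: the only tree this key may read

# Return 0 only for a read-only pull of paths under ALLOWED_ROOT.
allowed_rsync_cmd() {
    cmd=$1
    case $cmd in "$PREFIX"*) ;; *) return 1 ;; esac   # exact sudo+rsync pair, sender mode
    case $cmd in *[!A-Za-z0-9\ ./_=,+:@%-]*) return 1 ;; esac   # no shell metacharacters
    case $cmd in *" --remove-"*|*" --log-file"*) return 1 ;; esac   # sender-side writes
    seen_dot=0 skip=0 npaths=0
    for tok in ${cmd#"$PREFIX"}; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        if [ "$seen_dot" -eq 0 ]; then
            case $tok in
                .) seen_dot=1 ;;            # lone "." separates options from paths
                --backup-dir) skip=1 ;;     # assumed to arrive as option + value
                -*) ;;
                *) return 1 ;;              # a path before "." would be read as well
            esac
        else
            case $tok in
                *..*) return 1 ;;
                "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) npaths=$((npaths + 1)) ;;
                *) return 1 ;;
            esac
        fi
    done
    [ "$npaths" -gt 0 ]
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allowed_rsync_cmd "$SSH_ORIGINAL_COMMAND"; then
        set -f                              # no globbing during word splitting
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rsync-pull-only: rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

The wrapper only binds logins made with that key, so it limits the account only when rsyncuser cannot also log in with a password. It is a narrow check on the command shape, and anything it does not recognise is refused.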

See also

Refer to Adding a key to a remote machine to eliminate the password prompt for batch backups.

Gongo 20:34, 26 September 2007 (UTC)
