Give group read access to /home/*

[BLuFeNiX]

I am using trying to use rsync to backup files on my network at work. I need to backup /home (and all files and directories within) on a few different machines, which means I need read permissions for all of those files. I decided that it would be bad to enable ssh access for root. Here's what I have done so far:

created a group "rsync", and created a user "rsync" and added him to that group. (I did not add rsync to wheel because I will be using authorized keys with a blank passphrase, so I can run rsync as a script without having to type in passwords.)

What I want to do now is allow the group "rsync" to read all files inside /home, but I don't want to mess with any other user's permissions.

I am using NetBSD on one remote machine, FreeBSD on another remote machine, and FreeBSD on the host machine running the command.

Any suggestions? :e

 

[phoenix]

Install security/sudo and add the following to your sudoers file:

Cmnd_Alias RSYNC = /usr/local/bin/rsync

%rsync ALL=NOPASSWD: RSYNC

Then add the following to your rsync command-line:

--rsync-path="sudo rsync"

That way, your rsync user connects via password-less ssh key, and runs rsync as root using sudo (again without a password), thus giving it access to every file on the remote server. But, without allowing it to run sudo for anything other than rsync.

(Shameless plug: This is all covered in my two rsbackup threads in the How-To forum.)

 

[BLuFeNiX]

Thank you for your reply.

Isn't the --rsync-path option only applicable when the remote machine is running the rsync daemon? This is not the case for my setup. I am using the following command on my testing directory:

rsync -zrlptgoEc --progess --stats --delete-after -e "ssh" user@computer:/remote/dir/ /local/dir/

If I don't need the daemon running, I will try this tomorrow morning.

 

[phoenix]

If the local machine is the backup server, then use --rsync-path (this is the command that will be run on the remote client system).

If the local machine is the one with the data you are backing up (the client), then you just add "sudo" to the commandline: sudo rsync --options local/path user@remote:/path/

We don't use the daemon (why bother?), just call rsync via cron, and it connects via SSH to the remote system, and tunnels the rsync traffic back through the SSH connection.

 

[gilinko]

We don't use the daemon (why bother?), just call rsync via cron, and it connects via SSH to the remote system, and tunnels the rsync traffic back through the SSH connection.

I have found the rsync daemon useful in one very specific scenario, and that's when you have a multitude of OS(in my case. Win, OS X, Fedora, FreeBSD and Solaris) and different encodings(ISO, UTF-8 etc). It works very well as you don't have to "care" about the way a file is encoded and if a directory contains a space or other special character. It is possible to do it on a command line program, but it adds some complexities. And the rsync daemon is a really simple daemon to configure.

 

[BLuFeNiX]

Alright, that worked! Thank you!