From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stephen Samuel
Subject: Re: rsync and ssh
Date: Mon, 23 Jun 2003 14:10:52 -0700
Sender: linux-admin-owner@vger.kernel.org
Message-ID: <3EF76CDC.1060907@bcgreen.com>
References: <3EF72EFF.9405B3C7@tid.es> <20030623165549.GB25076@rdlg.net>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To: <20030623165549.GB25076@rdlg.net>
List-Id:
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: "Robert L. Harris"
Cc: Miguel González Castaños, linux-admin@vger.kernel.org

The machine at the destination end should not need to be uid 0
(root equiv) unless the source files belong to more than one user
and those uid's need to be preserved on the recipient system.

It's actually still possible to do it without root privs on the
destination system by setting up a cron job for each user on the
source system, and a trust to the equivalent users on the destination
system. (presumes a limited number of users or an automated system
for setting up the rsyncs).

To make life a bit safer, you can also limit the SSH connection on
the recipient system such that only rsync is usable by the RSA/DSA
keys used to do the rsync.

Robert L. Harris wrote:
>
> Use "rsync -e ssh" and set up a trust. Make sure that the system
> initiating the connection is very secure otherwise you've opened up a
> hole with the user's ID on the remote system.
>
> Ideal situation?
>
> Machine A sends a file to Machine B
> Create a new id "rsync-foo" on both machines with 0 privs. Make the
> home dirs /var/tmp/ and a shell of /dev/null (SHOULD work with rsync).
> Establish trust from A to B using the rsync-foo user ID.
>
> rsync -e ssh -avHD --stats /source/files /target/files
>
> Then a cron job on MachineB which validates the data and then
> copies/rsync's it to its final destination.
>
> Robert

--
Stephen Samuel +1(604)876-0426 samuel@bcgreen.com
http://www.bcgreen.com/~samuel/
Powerful committed communication. Transformation touching
the jewel within each person and bring it to life.
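
Restricting the rsync key to rsync only, as the message above suggests, is usually done with a forced command in authorized_keys. The wrapper below is an added example, not part of the original e-mail: its install path, the function name and the push-only policy are assumptions, and /target/files is the destination from the quoted command.

```shell
#!/bin/sh
# Added example: forced-command wrapper for an rsync-only SSH key.
# Hypothetical install path: /usr/local/bin/rsync-only
# authorized_keys entry on the recipient (one line; key is a placeholder):
#   command="/usr/local/bin/rsync-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY> rsync-foo@MachineA
# sshd then runs this wrapper for that key, whatever the client requested,
# and passes the request in SSH_ORIGINAL_COMMAND.

ALLOWED_DIR="/target/files"   # destination path from the thread's example

# Return 0 only if $1 is an rsync receiver command writing under ALLOWED_DIR.
rsync_cmd_allowed() {
    cmd=$1
    # Whitelist characters: anything else (; | & $ ` newline ...) is refused.
    bad=$(printf '%s' "$cmd" | LC_ALL=C tr -d 'A-Za-z0-9 ._/,=+-' | wc -c)
    [ "$bad" -eq 0 ] || return 1
    case $cmd in
        "rsync --server --sender "*) return 1 ;;  # assumption: push-only key
        "rsync --server "*) ;;                    # what "rsync -e ssh" sends
        *) return 1 ;;                            # shells, scp, anything else
    esac
    dest=${cmd##* }                               # last word = destination
    case $dest in
        *..*) return 1 ;;                         # no climbing out of the tree
        "$ALLOWED_DIR" | "$ALLOWED_DIR"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs only under sshd; with no requested command (a login attempt) the
# wrapper falls through and exits, so the key never yields a shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_cmd_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f                       # no globbing while the string is split
        exec $SSH_ORIGINAL_COMMAND   # whitelist-checked above
    fi
    echo "rejected: not an allowed rsync transfer" >&2
    exit 1
fi
```

The check fails closed: client options that change what is sent to the server (for example protected arguments) are refused until the whitelist is widened. The rsync distribution also ships an rrsync script that fills the same role.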