How to make rsync use sudo

backuprsyncsudo

I use rsync to mirror a number of folders on our failover server. However, some of our files, such as thumbnails or full-text indexes, are generated by our applications under the web user (named 'nobody'), and default to restrictive permissions.

Also, I'm doing this over ssh, where root access is disabled, and I'd like to keep it that way, if possible.

Is there any reasonable way I can tell rsync to run as sudo? Or should I look into changing the file permissions?

Best Answer

you could:

create a new group for data that should be read (by rsync), add UIDs to that group and/or change GIDs on files and directories and set appropriate permissions, that'll let you use rsync with that username
get the exact command line run at the server end when using rsync-over-ssh (hint, use -v multiple times and remember to take the '-v's out of the command line you get) and use SSH public key authentication forcing that specific command (see AUTHORIZED_KEYS FILE FORMAT in sshd(8))

With #2 you could use rsync over ssh to the root user and still be secure (see PermitRootLogin no-password in sshd_config(5)), or even better you could combine the two to create a non-privileged user which can only be used with that specific rsync command line.

EDIT: sending auth data over ssh to get root (eg. ssh as user, sudo with user password) is not better than doing ssh directly to the root user (via public key or via a good password), IMHO.

Best Answer

Related Solutions

How to Use Rsync Over FTP

How to keep the full path with rsync

Related Topic