I want to use rsync to take automated backups from a remote webserver over ssh. The webserver is configured with suphp, so different sites have files with different users and groups. Unfortunately a web application generates some files without group or other read permissions.
I can only see two options, neither of which are palatable; either run rsync as root or allow ssh access for each web user and run rsync as each web user in turn.
Unfortunately ACLs wont work because when files are created by the webserver with 600 permissions, this adjust the inherited ACL mask to make the effective permissions for other users 000.
Can anyone suggest a way of running rsync with the lowest possilbe privileges that still allow access to user files which don't have group or other read permissions.
Thanks
Best Answer
I've got a solution by turning the problem on its head. Instead of pulling the data from the production machine to the backup machine, I'm pushing the data from production to backup.
This way I only have to run rsync as the PHP user on the production machine and as the backup user on the backup machine. The ssh authorized keys file for the backup user allows me to further lock down access by production server IP and also limit the commands which can be run rsync.