I am using rsync --rsh "ssh"
to push to a mirror. Setting the necessary file system permissions on the mirror requires rsync
to run with root privileges on the mirror. However, the mirrored files are under a single hierarchy and I would like to allow rsync
to access only that hierarchy and nothing else on the mirror.
How would I allow rsync
to set permissions while also limiting access?
Is there possibly some combination of rsync --rsh "???"
and the command="???"
option in authorized_keys
that might do the trick? The rsync
command is already using a dedicated key in authorized_keys
.
Or is there a way for rsync
to connect as an unprivileged user, be jailed, and then gain access to set file system permissions? Jailing the process is easy, but allowing the remote rsync
to gain privileges seems difficult, and allowing a jailed process to gain any permissions seems risky. (Of course, right now the process has root and any degree of restriction would be an improvement, even if only to mitigate accidents.)
Best Answer
You should be running
rsync
from your mirror with your original as the source.Depending on your use case you should either run it as a
cronjob
(periodic) or ansshkey
command (push initiated pull, effectively a push).