I am using rsync --rsh "ssh" to push to a mirror. Setting the necessary file system permissions on the mirror requires rsync to run with root privileges on the mirror. However, the mirrored files are under a single hierarchy and I would like to allow rsync to access only that hierarchy and nothing else on the mirror.
How would I allow rsync to set permissions while also limiting access?
Is there possibly some combination of rsync --rsh "???" and the command="???" option in authorized_keys that might do the trick? The rsync command is already using a dedicated key in authorized_keys.
Or is there a way for rsync to connect as an unprivileged user, be jailed, and then gain access to set file system permissions? Jailing the process is easy, but allowing the remote rsync to gain privileges seems difficult, and allowing a jailed process to gain any permissions seems risky. (Of course, right now the process has root and any degree of restriction would be an improvement, even if only to mitigate accidents.)
Best Answer
You should be running
rsyncfrom your mirror with your original as the source.Depending on your use case you should either run it as a
cronjob(periodic) or ansshkeycommand (push initiated pull, effectively a push).