Ssh – RSync over SSH – permission denied even though the user is in the root group

permissions, root, rsync, ssh

I have a need to copy files between servers through the web. I'm using RSYNC over ssh to do so.
The problem is, I need to be able to transfer files, no matter where the files are.

I created a user rsync and ran usermod -G root -a rsync to give him the right to read/write anywhere on both servers.

During the transfer, I see this error:

rsync: mkstemp "/root/.myFile.RDr2HY" failed: Permission denied (13)

I don't understand what's happening.

edit: I just found out that the destination folder didn't have write access for the root group. How would I give 100% access to this rsync user? If I change its uid to 0, rsync stops working.

Best Answer

What you've done, usermod -G root -a rsync, is to add the rsync user to the root group. This has no effect whatsoever on most systems, because the root group is not special. There are systems where being in the root group is necessary to escalate privileges to the root user, but it is never sufficient (the root group is the group of users who may use sudo, or some equivalent setup).

In terms of security, giving a user the permission to write files anywhere is exactly equivalent to giving that user root powers. (The user can overwrite /bin/su, or /etc/passwd, or /usr/sbin/sshd, or any number of other programs and databases that would let her set up a backdoor for herself.)

If you need to access arbitrary files over ssh, allow ssh logins as root. Not with a password (or else a long, randomly generated one), just with a key (which you'll need to protect carefully, of course). In /etc/sshd_config, put

PermitRootLogin yes
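The following check is an added example, not part of the original answer. With `PermitRootLogin yes`, whether root can still log in with a password depends on the global authentication settings, while `PermitRootLogin prohibit-password` enforces key-only root login by itself. The function names `sshd_global_value` and `audit_root_login` are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: classify how an sshd_config lets root authenticate.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and Match blocks are conditional, so only the global
# part of the file (before the first Match line) is inspected.

# Print the first global value of keyword $2 in file $1, lower-cased.
sshd_global_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                  # comment line
        { sub(/=/, " ") }                    # accept "Keyword=value"
        tolower($1) == "match" { exit }      # conditional section starts
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Return 0 when root cannot log in with a password, 1 when it can,
# 2 when the file does not decide; print the reason in every case.
audit_root_login() {
    root=$(sshd_global_value "$1" PermitRootLogin)
    pass=$(sshd_global_value "$1" PasswordAuthentication)
    kbd=$(sshd_global_value "$1" KbdInteractiveAuthentication)
    # Older configs spell the keyboard-interactive switch this way.
    [ -n "$kbd" ] || kbd=$(sshd_global_value "$1" ChallengeResponseAuthentication)
    case "$root" in
        no) echo "root login disabled"; return 0 ;;
        prohibit-password|without-password|forced-commands-only)
            echo "root: key only ($root)"; return 0 ;;
        yes)
            if [ "$pass" = no ] && [ "$kbd" = no ]; then
                echo "root: key only (password methods off globally)"; return 0
            fi
            echo "root: password login possible"; return 1 ;;
        "") echo "PermitRootLogin not set: built-in default applies"; return 2 ;;
        *)  echo "unrecognised PermitRootLogin value: $root"; return 2 ;;
    esac
}

# Constructed sample: the single directive from the answer, nothing else.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PermitRootLogin yes' > "$sample"
audit_root_login "$sample" || echo "-> use: PermitRootLogin prohibit-password"
rm -f "$sample"
```

Run it against a copy of the server's configuration file; a return value of 2 means the file alone does not settle the question and the running daemon's effective settings should be inspected instead.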