LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   Using rsync to backup data. Best way to backup folders? (http://www.linuxquestions.org/questions/linux-general-1/using-rsync-to-backup-data-best-way-to-backup-folders-503168/)

Micro420 11-20-2006 01:02 AM

Using rsync to backup data. Best way to backup folders?
 
I want to use rsync to backup an entire partition from Computer A to Computer B. This partition has files and directories with various permissions on it, some that I have access to and some that I don't (I am, however, the system administrator). How do I create a "universal" backup account that will let me read all the data on the partition so that I can rsync it? I am using Ubuntu so I don't have a 'root' account, and I don't want to make one since script kiddies keep trying to hack into my server with username 'root'. I have to use 'sudo' for root privileges.

blackhole54 11-20-2006 04:04 AM

Quote:

Originally Posted by Micro420
I have to use 'sudo' for root privileges.

I would think that putting sudo in front of your rsync command would work. If this needs to run as batch, you could create a special account that could run this w/o sudo requiring the password. If you don't know how to do this, consult the man pages for the sudoers file and the visudo command.

Quote:

I am using Ubuntu so I don't have a 'root' account, and I don't want to make one since script kiddies keep trying to hack into my server with username 'root'.
If you are talking about trying to crack into your server using ssh, you can configure sshd not to accept root logins. For other accounts, requiring keys is good additional protection, where feasible. You can also use your firewall and/or tcp_wrappers to limit which IP addresses have access. If you're worried about vulnerabilities in the services you offer, those services should not be running as root.

EDIT: I'm sorry. I was thinking your problem was with access at the machine you were rsyncing from. For the machine you are rsyncing to, I can think of a couple of things. First of all, if this is going over the Internet, or an untrusted local network, I hope you are doing this over ssh rather than rsh (using the -e option). And I certainly hope you don't allow rsh access to this machine from the Internet!

The way I can think of avoiding root that might work is to use the --rsync-path option to point to a script on the remote machine that that contains the command sudo /usr/bin/rsync $*. This would have to be run as a user that can sudo w/o entering a password as explained above. There might yet be a few kinks to work out in this proposal. :)

The other way would involve creating a root account, but only allowing access to it via sshd without a password (i.e. only with a DSA or RSA key). You can do this either by disabling the password for the root account or by specifying without-passwd for PermitRootLogin in sshd_config.
If you disable the password, you need to take care to do it in such a way that sshd doesn't refuse all access to that account. IIRC you can do that by placing one but not two exclamation points in front of root's password in /etc/shadow.

JZL240I-U 11-23-2006 02:13 AM

I seem to remember that you don't have to be root for rsync -- since it creates just the same pattern of groups and permissions on the new site, but I'm not sure and can't look it up right now. Have you ever thought about rsnapshot?

http://www.rsnapshot.org/


All times are GMT -5. The time now is 11:18 PM.