Originally Posted by Micro420
I have to use 'sudo' for root privileges.
I would think that putting sudo
in front of your rsync
command would work. If this needs to run as batch, you could create a special account that could run this w/o sudo
requiring the password. If you don't know how to do this, consult the man pages
for the sudoers
file and the visudo
I am using Ubuntu so I don't have a 'root' account, and I don't want to make one since script kiddies keep trying to hack into my server with username 'root'.
If you are talking about trying to crack into your server using ssh
, you can configure sshd
not to accept root
logins. For other accounts, requiring keys is good additional protection, where feasible. You can also use your firewall and/or tcp_wrappers to limit which IP addresses have access. If you're worried about vulnerabilities in the services you offer, those services should not be running as root
EDIT: I'm sorry. I was thinking your problem was with access at the machine you were rsync
. For the machine you are rsync
, I can think of a couple of things. First of all, if this is going over the Internet, or an untrusted local network, I hope you are doing this over ssh
rather than rsh
(using the -e option). And I certainly hope you don't allow rsh
access to this machine from the Internet!
The way I can think of avoiding root
work is to use the --rsync-path
option to point to a script on the remote machine that that contains the command sudo /usr/bin/rsync $*
. This would have to be run as a user that can sudo
w/o entering a password as explained above. There might yet be a few kinks to work out in this proposal.
The other way would involve creating a root
account, but only allowing access to it via sshd without a password
(i.e. only with a DSA or RSA key). You can do this either by disabling the password for the root
account or by specifying without-passwd
If you disable the password, you need to take care to do it in such a way that sshd
doesn't refuse all access to that account. IIRC you can do that by placing one but not two exclamation points in front of root
's password in /etc/shadow