LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   Remote rsync/rsnapshot backups as a limited privelege user (https://www.linuxquestions.org/questions/linux-software-2/remote-rsync-rsnapshot-backups-as-a-limited-privelege-user-743423/)

Vanyel 07-28-2009 10:53 AM

Remote rsync/rsnapshot backups as a limited privelege user
 
Hello everyone. Here's what I'm trying to do -

I run rsnapshot to backup several linux machines to different servers. Usually I just fill the authorized_keys file in /root/.ssh on my clients with the id_dsa.pub file of root on my server and have it ssh in with full privs and do the backup. On the new setup I'm creating right now, I'm trying to be more security conscious and try something new.

On the client (FWIW, this specific client is OS X), I have a user that we'll call "backup" and this user has sudo priveleges. I've edited the sudoers file so backup can only use sudo to execute rsync, and to do that without needing a password. I also put an alias in backup's .bash_profile so that rsync is actually "sudo rsync". I've tested this and it works fine. When I manually login as backup, I can execute rsync as root, sans password, without actually typing the word "sudo".

In rsnapshot.conf on the server (FC 9), I've edited it so the program ssh's in as "backup@osxclient" to do the backup, instead of "root@osxclient". However I'm still getting "permission denied" errors during the backup. I'm not quite sure how to figure this out from here. It seems that when rsnapshot logs in as "backup", it's not getting the same environment as when I manually log in as "backup". Am I on the right track? And how can I change that?

- Van

Guttorm 07-30-2009 10:27 AM

Hi

I don't know much about OS X, but I think you need to put the alias in .bashrc and not in .bash_profile. The latter file is only sourced on login shells, so if you do for example "ssh backup@osxclient somecommand", only .bashrc is read.

It should also be in the beginning of .bashrc. In the beginning of mine, there is:

# If not running interactively, don't do anything
[ -z "$PS1" ] && return


All times are GMT -5. The time now is 06:34 AM.