Quote:
Originally Posted by Micro420
I have to use 'sudo' for root privileges.

I would think that putting sudo in front of your rsync command would work. If this needs to run as batch, you could create a special account that could run this w/o sudo requiring the password. If you don't know how to do this, consult the man pages for the sudoers file and the visudo command.
Quote:
I am using Ubuntu so I don't have a 'root' account, and I don't want to make one since script kiddies keep trying to hack into my server with username 'root'.

If you are talking about trying to crack into your server using ssh, you can configure sshd not to accept root logins. For other accounts, requiring keys is good additional protection, where feasible. You can also use your firewall and/or tcp_wrappers to limit which IP addresses have access. If you're worried about vulnerabilities in the services you offer, those services should not be running as root.
EDIT: I'm sorry. I was thinking your problem was with access at the machine you were rsyncing from. For the machine you are rsyncing to, I can think of a couple of things. First of all, if this is going over the Internet, or an untrusted local network, I hope you are doing this over ssh rather than rsh (using the -e option). And I certainly hope you don't allow rsh access to this machine from the Internet!
The way I can think of avoiding root that might work is to use the --rsync-path option to point to a script on the remote machine that contains the command sudo /usr/bin/rsync $*. This would have to be run as a user that can sudo w/o entering a password as explained above. There might yet be a few kinks to work out in this proposal.
The other way would involve creating a root account, but only allowing access to it via sshd without a password (i.e. only with a DSA or RSA key). You can do this either by disabling the password for the root account or by specifying without-passwd for PermitRootLogin in sshd_config.

If you disable the password, you need to take care to do it in such a way that sshd doesn't refuse all access to that account. IIRC you can do that by placing one but not two exclamation points in front of root's password in /etc/shadow.
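
An added example, not part of the original post: a shell check that reports how an sshd_config treats root logins and password authentication, the two sshd settings discussed above. It reads only the global section, does not follow Include lines, and assumes the current OpenSSH default for PermitRootLogin; the function names and the sample config are constructed for illustration.

```shell
# Added example (not from the post): audit root/password login in an sshd_config.

# Print the effective global value of keyword $2 in file $1, else default $3.
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Scanning stops at the first Match block (global scope only).
# Assumption: Include directives are not followed.
sshd_opt() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)      # "Key=value" is also accepted
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit
            if (key == want && n >= 2) { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# Print a one-line verdict; return 1 if root can log in with a password
# or the PermitRootLogin value is not recognised.
audit_root_login() {
    prl=$(sshd_opt "$1" PermitRootLogin prohibit-password)   # OpenSSH >= 7.0 default
    pwa=$(sshd_opt "$1" PasswordAuthentication yes)
    case "$prl" in
        no)                                 echo "root: ssh login disabled" ;;
        prohibit-password|without-password) echo "root: key-only login" ;;
        forced-commands-only)               echo "root: key-only, forced commands" ;;
        yes) [ "$pwa" = yes ] && { echo "root: password login allowed"; return 1; }
             echo "root: login allowed, PasswordAuthentication off" ;;
        *)   echo "root: unrecognised PermitRootLogin '$prl'"; return 1 ;;
    esac
}

# Constructed sample config: the second PermitRootLogin line is ignored by sshd.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server's file
passwordauthentication no
PermitRootLogin without-password
PermitRootLogin yes
Match User backup
    PasswordAuthentication yes
EOF
audit_root_login "$sample"
rm -f "$sample"
```

On a live host, `sshd -T` prints the configuration sshd actually resolves, including Include files, and is the authoritative cross-check for this file-level scan.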