LinuxQuestions.org
Old 01-25-2015, 01:48 PM   #1
thekraken99
LQ Newbie
 
Registered: Jan 2015
Posts: 6

Rep: Reputation: Disabled
rsync over ssh or daemon, should I run it as root?


So I essentially have 2 questions here. Let me explain a little first: I have a server that I provide game servers on; all these game server files run in /home/user/, and then I have some other software such as a firewall in /etc/ that I want to back up. Now on to my questions.

Which method is the more secure, viable option when it comes to transferring the files: using the rsync daemon or over an encrypted ssh connection?

And to access the files I want to back up from one account I'd have to use root, which I don't want to do as I have root ssh login disabled, and using root when you don't have to is bad practice. There has to be an easy way to make a user that has access to read all files on the server? Assuming rsync only needs read to copy the files.

What are some typical rsync setups? How do you have the user set up? Do you use ssh or the daemon? What files do you back up?
 
Old 01-25-2015, 06:26 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by thekraken99 View Post
Which method is the more secure, viable option when it comes to transferring the files: using the rsync daemon or over an encrypted ssh connection? And to access the files I want to back up from one account I'd have to use root, which I don't want to do as I have root ssh login disabled, and using root when you don't have to is bad practice. There has to be an easy way to make a user that has access to read all files on the server? Assuming rsync only needs read to copy the files.
You're right for not wanting to expose the root user over SSH; that's definitely not an SSH best practice. So that only leaves you with storing files as an unprivileged user. To combat mishaps (even if your distro doesn't use a capable package management system that allows you to restore permissions and ownership) DAC data is easily retrieved:
Code:
find /some/dir -printf "%U|%G|%m|%l|%s|%y|\"%p\"\n">/other/path/dir.attr
and easily restored:
Code:
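# Fields written by the find above: $1=UID, $2=GID, $3=mode, $NF=quoted path. This only prints the commands.
awk -F'|' '{print "chown "$1":"$2, $NF, "; chmod "$3, $NF}' /other/path/dir.attr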

Quote:
Originally Posted by thekraken99 View Post
What are some typical rsync setups, how do you have the user setup?
Scripted rsync over SSH with unprivileged user.


Quote:
Originally Posted by thekraken99 View Post
what files do you backup?
Rsync is effective for files that change. With directories containing humongous amounts of files you may run into time constraints due to checking. Certain things shouldn't be done with rsync, like databases: those should be dumped, encrypted and then transferred. You won't gain much from using rsync there.

*Rsync allows you to use a "--log-file", which comes in handy when you want to check syncing details, and both "--dry-run" and "--backup", which come in handy when testing your backup procedure.
 
1 members found this post helpful.
Old 01-25-2015, 06:32 PM   #3
thekraken99
LQ Newbie
 
Registered: Jan 2015
Posts: 6

Original Poster
Rep: Reputation: Disabled
OK, so after thinking about this some more I think my solution for the permissions will be making an unprivileged user and giving it permissions to the dirs it needs through ACLs.

Edit: So another thought I'm having here: should I run the copy command from the backup server and copy the remote files to the backup server, or run the command on the actual server and copy them to the backup server? Does it really matter?

I'm thinking from a security and management perspective that if I run it from the backup server the private key file is only on 1 server, and all the cron and scripts are all on one server.

Last edited by thekraken99; 01-25-2015 at 06:47 PM.
 
Old 01-26-2015, 04:00 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
From a security and management perspective, especially where you need root rights to access certain files (and for example passwd and shadow files should be encrypted before being pushed), you would push backups from each machine to the backup server. When setting up each machine-related backup account's pubkey, do set access and command restrictions and regularly audit logs.
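
One way to apply the access and command restrictions mentioned in post #4, as an added example that is not part of the thread: a forced-command wrapper for the backup account on the backup server that accepts only an rsync push into the calling machine's own directory and logs every rejected request. The script path, the host label argument and the /srv/backups layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): forced-command gate for a push-only backup key.
# Constructed authorized_keys entry on the backup server (key material is a placeholder):
#   restrict,command="/usr/local/bin/backup-gate host1" ssh-ed25519 AAAA...PLACEHOLDER host1
# "restrict" turns off pty, agent, X11 and port forwarding; command= pins what runs.

BACKUP_ROOT="${BACKUP_ROOT:-/srv/backups}"   # assumed layout: $BACKUP_ROOT/<host>/

# allowed HOST CMD: succeed only for an rsync receive into HOST's own directory.
allowed() {
    host=$1
    case $2 in
        *[!A-Za-z0-9\ ._/=,-]*) return 1 ;;   # anything outside a small whitelist
        *..*) return 1 ;;                     # path traversal
    esac
    set -f                  # no globbing while the request is word-split
    set -- $2
    set +f
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    dest=
    for arg in "$@"; do
        dest=$arg           # rsync puts the destination path last
        # --sender means the client wants to read from this server
        if [ "$arg" = --sender ]; then return 1; fi
    done
    case $dest in
        "$BACKUP_ROOT/$host"/*) return 0 ;;
    esac
    return 1
}

# Entry point when sshd runs this as the forced command: $1 is the host label from
# authorized_keys, SSH_ORIGINAL_COMMAND is what the client asked to run.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allowed "$1" "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND
    fi
    logger -t backup-gate "rejected for $1: $SSH_ORIGINAL_COMMAND"   # audit trail
    exit 1
fi
```

The rejections land in syslog under the `backup-gate` tag, which gives the regular log audit something concrete to look for.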
 
Old 01-26-2015, 06:28 AM   #5
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 21,838

Rep: Reputation: 7308
Just some comments:
rsyncd can run as root, and you can configure different modules (or shares or areas) using different accounts, and chroot can also be used. You can connect to rsyncd over an ssh tunnel too.
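
A configuration sketch of the daemon setup described in post #5, added here as an example and not posted by anyone in the thread: two read-only modules served under different accounts, chrooted, with the daemon bound to loopback so it is reachable only through an SSH tunnel. Module names, the `backup` and `backupclient` accounts, host names and paths are assumptions.

```ini
# /etc/rsyncd.conf on the machine being backed up (constructed example).
# rsyncd.conf has no inline comments, so every comment sits on its own line.

# Listen on loopback only; remote clients must come in through an SSH tunnel.
address = 127.0.0.1
# Chroot into each module's path before serving it.
use chroot = yes
# Clients may download from these modules but not write to them.
read only = yes
log file = /var/log/rsyncd.log

# Game server data, served by an unprivileged account.
[gameservers]
    path = /home
    uid = backup
    gid = backup
    auth users = backupclient
    secrets file = /etc/rsyncd.secrets

# /etc needs root to read everything, so only this module runs as root.
[etc]
    path = /etc
    uid = root
    gid = root
    auth users = backupclient
    secrets file = /etc/rsyncd.secrets

# The secrets file holds "user:password" lines and must not be readable by others
# (chmod 600) while "strict modes" is at its default.
#
# From the backup server, open the tunnel and pull through it:
#   ssh -N -L 8873:127.0.0.1:873 tunneluser@gameserver
#   rsync -a rsync://backupclient@127.0.0.1:8873/etc/ /srv/backups/gameserver/etc/
```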
 
  

