New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Who is familiar with rsync. A little problem?
Hi
Both vps are not allowed to log in as root
Both machines A and B are logged in as user X
When A rsync to B. The file user name will be all changed to x
for example
rsync -zavP -e 'ssh -p port' xxx@IP:/home/xxx/ /home/xxx/
redis.conf --- the username is redis rsync to the remote will be changed to X
-rw-r--r-- 1 redis redis 9.4K Apr 23 12:57 redis.conf
Local---to---remote
-rw-r--r-- 1 XXX XXX 9.4K Apr 23 12:57 redis.conf
Why is this problem ?
thank you all
Comments
A non-root user cannot
chown
files to someone else (in most cases).how to solve this problem
sudo rsync -zavP -e 'ssh -p port' xxx@IP:/home/xxx/ /home/xxx/
Give the user sudo rights if they don't have it yet. For example, while logged in as that user, switch to root,
su - root
, then add the user to the sudo group, switch back to the user and run the above rsync command.Using sudo, root user cannot login to the remote host
The following cases are also unavailable
rsync -avz -e ssh /home/ xxx@ip:/remote/ --rsync-path="cat my_password.txt | sudo -Sv && sudo rsync"
Only the root user can complete rsync
https://superuser.com/questions/270911/run-rsync-with-root-permission-on-remote-machine
I would recommend that you just use the root account in the first place. If you set it up like this:
Configure your sshd_config on the target machine to PermitRootLogin without-password.
Use ssh-keygen on the machine that pulls the backup to create an SSH private key (only if you don't already have an SSH key). Do not set a passphrase. Google a tutorial if you need details for this, there should be plenty.
Append the contents of /root/.ssh/id_rsa.pub of the backup machine to the /root/.ssh/authorized_keys of your target machine.
Now your backup machine has root access to your target machine, without having to use password authentication.
then the resulting setup should be pretty safe.
If not of being root, otherwise having membership of a sufficiently privileged group, or access via sudo, are not possible, look at --fake-super and -M--fake-super (see the manpage via "man rsync" or one of the online options like https://manpages.debian.org/bullseye/rsync/rsync.1.en.html). These options use extended attributes (which most modern filesystems support: https://en.wikipedia.org/wiki/Extended_file_attributes#Linux) to store the information that otherwise cannot be preserved by a lower privileged user.
rsync -zavP --no-owner
You don’t use the root user for the rsync command or login, you use the root user to add user XXX to the sudoers list. But, I think it will still be a problem because user XXX probably won’t have sudo rights on the machine of user xxx. One work around I’ve done in a similar situation is to just make one or both users on the other machines. Then the permissions remain the same. If I’ve needed to then chown the files to another user, I just do that locally.
The reason this isn’t possible, as you’ve initially asked, is then almost anyone could use something like rsync to get into anyone else’s machines and wreak havoc. Permissions are KEY.
Wait a minute, why are you answering your own question? Was this a quiz for the rest of us???
Have you considered using BTRFS ?
The dude copied and pasted someone's response from another forum
The OP with root access scares me.