rsync backup root files

samalogo · January 25, 2012, 2:51pm

Hi,

I am trying to use rsync utility through ssh to synchronize some root files of 2 servers.
I have a rsyncusr user in each server. I configured ssh with no password. I set NOPASSWD in the /etc/sudoers file:

rsyncusr ALL= NOPASSWD:/usr/bin/rsync

In order to make rsync able to sudo and be able to sync root files from one server to other server.

So far, I was not be able to transfer the files preserving the permissions (owner, group, etc).

To illustrate with an example. I have a file in the remote host dev3test:

-rw-r-----    1 root     system     12615680 Jan 19 16:27 dev3test

I have 2 servers:
Local: roidev
remote: roidev3

First scenario:
If I try from the local host to pull the file from the remote host to the local host:

rsyncusr@roidev-/dbbackup $ rsync -a -e "ssh" --rsync-path="/usr/local/sudo-1.6.6/bin/sudo rsync" rsyncusr@10.144.206.84:/deletefs/dev3test

The file is transferred to the local host with the following permissions :

rw-r-----    1 rsyncusr db2iadm1   12615680 Jan 19 16:27 dev3test

The owner and the group is changed.

Second scenario:
If I try from the remote host to push the file from the remote host to the local host:

rsyncusr@roidev3-/home/rsyncusr $ rsync -a -e "ssh" --rsync-path="/usr/local/sudo-1.6.6/bin/sudo rsync" /deletefs/dev3test rsyncusr@10.144.206.20:/dbbackup

I got the following error

rsync: send_files failed to open "/deletefs/dev3test": Permission denied (13)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1042) [sender=3.0.7]

Third scenario:
Loggin as a root user in the local host or in the remote host, executing the same commands:

root@roidev-/dbbackup# rsync -a -e "ssh" --rsync-path="/usr/local/sudo-1.6.6/bin/sudo rsync" rsyncusr@10.144.206.84:/deletefs/dev3test /dbbackup
rsyncusr's password: 

root@roidev3 / # rsync -a -e "ssh" --rsync-path="/usr/local/sudo-1.6.6/bin/sudo rsync" /deletefs/dev3test rsyncusr@10.144.206.20:/dbbackup
rsyncusr@10.144.206.20's password:

I can get the transfer file with the right permissions, but I am requiring for rsyncusr password.

-rw-r-----    1 root     system     12615680 Jan 19 16:27 dev3test

I can not loggin as root through the network, only I can do sudo.

I would like to know if there is a way to transfer root files preserving permissions as a different user and without password, using rsync with ssh.

thanks in advance
Samalogo

admin_xor · January 25, 2012, 4:58pm

Your 3rd scenario seems to be better. Its just that you have to setup ssh key sharing for the rsyncusr. That should work.

Another option would be to set SGID bit on the folder on the local machine where the backup is getting stored. The owner group of the directory would be "system" and you may add root as the owner. Then, you can setup ACL to explicitly allow access for rsyncusr. The files written would be with "system" as the owner group. But, still "rsyncusr" will be the owner of the file.

I would suggest, you create home directory (if it's not already setup) for the rsyncusr in the remote machine and put the ssh public key in /home/rsyncuser/.ssh/authorized_keys

samalogo · January 26, 2012, 12:12pm

Thx for replying me.

Actually, I setup in both servers the ssh keys. So if I am logging in one server as a rsyncusr and I prompt the ssh command to connect with the other server: "ssh rsyncusr@hostname", I can loggin without ask me for password in both ways. But in the third scenario I am logging as a root, so the system ask me for the rsyncusr password.

Or there are something what I am missing?

Thanks for your help
Samalogo