Permissions for backup user


I have just finished setting up a backup scheme using rsnapshot over
ssh for my server.  However, in order to have access to all the files,
I'm having to do this as root.  For obvious reasons, I don't like having
root login enabled, even if it is protected with a public/private key.

I would like to create a backup user to handle this.  One does not
exist on my server at present.  What permissions, group membership,
etc do I need to grant to this user to allow it to read all the
necessary files?  I have seen some examples, too, where the shell for
the user was set to rsync.  Does that work or provide more security?


Re: Permissions for backup user

J Rice wrote:

For root access, you need to be root. QED.

However, you might consider using SSH tunneling to reach an rsync daemon on
the server, configured to allow read-only, root access, for exactly this
purpose. (I've done this with rsnapshot before, myself).

Keeping an rsync daemon to not go down mounted directories is non-trivial, and
requires advance knowledge of the mountpoints, unlike a direct rsync command.
But it can be done.

Re: Permissions for backup user

You can set up /etc/sudoers so that the backup user is allowed to
execute the backup script as root but do nothing else as root.

Re: Permissions for backup user

Bill Marcum wrote:

Thinking further on this, look into using rsync, SSH keys, and
'validate-rsync', as described on numerous web pages.

Re: Permissions for backup user

EXACTLY what I needed, thanks for pointing the way.  My setup now is:

A backup user that allows access only by SSH keys and only for a
specific command, validate-rsync.
A sudoers file that allows backup to su to rsync without a password.
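
The setup described in the last post, sketched as an added example; it is not code from the thread and not the published validate-rsync script. Assumptions: the wrapper is installed at the hypothetical path /usr/local/bin/validate-rsync, rsync lives at /usr/bin/rsync, the wrapper calls sudo itself, and the sample commands in the demo are constructed.

```shell
#!/bin/sh
# Forced-command wrapper in the style of validate-rsync (added example).
#
# ~backup/.ssh/authorized_keys, one line (key material elided):
#   command="/usr/local/bin/validate-rsync",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <public-key> rsnapshot
#
# /etc/sudoers.d/backup, edited with visudo -f (assumed rsync path):
#   backup ALL=(root) NOPASSWD: /usr/bin/rsync --server --sender *

# Return 0 only for the server side of a read-only rsync pull.
validate_rsync_command() {
    case $1 in
        # Reject shell metacharacters and embedded line breaks outright.
        *'&'*|*';'*|*'|'*|*'<'*|*'>'*|*'`'*|*'$'*|*'('*|*')'*|*'{'*|*'}'*) return 1 ;;
        *'
'*) return 1 ;;
        # --sender alone is not read-only: these options delete sent files.
        *--remove-source-files*|*--remove-sent-files*) return 1 ;;
        # "--server --sender" is what a pulling client (rsnapshot) asks for.
        'rsync --server --sender '*) return 0 ;;
        *) return 1 ;;
    esac
}

if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if validate_rsync_command "$SSH_ORIGINAL_COMMAND"; then
        set -f    # word-split the arguments below, but never expand globs
        # Drop the client-supplied program name; run a fixed binary as root.
        exec sudo -n /usr/bin/rsync ${SSH_ORIGINAL_COMMAND#rsync }
    fi
    logger -t validate-rsync -p auth.warning "rejected: $SSH_ORIGINAL_COMMAND"
    echo "Rejected" >&2
    exit 1
fi
# No command sent (interactive login attempt): fall through, so the
# session ends without ever starting a shell.

# "sh validate-rsync --demo" prints decisions for constructed samples.
if [ "${1:-}" = "--demo" ]; then
    for c in 'rsync --server --sender -logDtpre.iLsfxC --numeric-ids . /etc/' \
             'rsync --server -logDtpr . /etc/' \
             'rsync --server --sender -r . /etc/; id'; do
        if validate_rsync_command "$c"; then echo "ALLOW  $c"; else echo "REJECT $c"; fi
    done
fi
```

With this layout the backup account never gets a shell, and the sudoers rule only covers the sending side of rsync, so a stolen key can read files but cannot run arbitrary commands as root.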
