Bob's Notepad

Notes on projects I have done and things I have learned saved for my reference and for the world to share

Tuesday, April 22, 2008

Using sudo on a remote rsync session (via ssh)

I have been using rsync to back up almost a dozen servers for years now and I am convinced that it is the best solution for remote backups. A couple of months ago I ran into a situation where I needed to rely on one of those backups and everything went as expected... well, sort of. All of my data was there and I was able to get things back up and running on a new server in only a few hours, but it would have been much quicker if the permissions and file ownership had been preserved. Once I got the system back up and running I wanted to make sure the backup process was going to start preserving the file permissions and ownership. I found that to accomplish this you absolutely had to be putting the files on the remote server as root. Of course, this is a security concern. The solution was permitting the rsync process to have access to sudo.

Step 1:
On the server that is receiving the back ups you need to add the following line to the /etc/sudoers file (according to Johannes in comments this needs to be the last line -- thanks):

  • username ALL= NOPASSWD:/usr/bin/rsync

You will, of course, want to replace "username" with the user that the sending server will be logging in as through the rsync process.

Step 2:
Now you'll need to make sure that your rsync command is using the -a flag and then use the --rsync-path flag to tell it to run the rsync process on the remote via sudo. Here is an example command line:

  • rsync -av -e "ssh" --rsync-path="sudo rsync" /source/ user@server.com:/destination/

You're all set. You can combine this with using automated SSH login keys. Also, I want to note that this can compromise security in some scenarios.
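
sudo uses the last sudoers entry that matches, which is why the rule from Step 1 has to come after any broader entry (such as a group rule) that also covers the backup user. The checker below is an added example, not part of the original post: it is a simplified parser that ignores aliases, includes and negation, and the user name `backup`, the `sudo` group and both sample files are constructed for illustration.

```python
import re

# Simplified sudoers rule: "<who> <hosts>=[(<runas>)] [TAG:]<cmd>[, <cmd>...]".
# Aliases, includes, "!" negation and "#uid" users are deliberately not handled.
RULE = re.compile(r"^(\S+)\s+[^=]+=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^([A-Z_]+)\s*:\s*")

def effective_rule(sudoers_text, user, groups, command="/usr/bin/rsync"):
    """Return (line_no, needs_password) for the LAST entry that matches
    `user` running `command`, or None if no entry matches."""
    winner = None
    for line_no, raw in enumerate(sudoers_text.splitlines(), 1):
        m = RULE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        who, spec = m.groups()
        if not (who in (user, "ALL") or (who[0] == "%" and who[1:] in groups)):
            continue
        nopasswd = False  # sudo's default: authenticate first
        for cmd in spec.split(","):
            cmd = cmd.strip()
            while (tag := TAG.match(cmd)):  # tags carry over to later commands
                if tag[1] in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag[1] == "NOPASSWD"
                cmd = cmd[tag.end():]
            if cmd == "ALL" or cmd.split()[:1] == [command]:
                winner = (line_no, not nopasswd)  # later matches replace earlier ones
    return winner

# Constructed sample files; "backup" and the "sudo" group are assumed names.
RULE_NOT_LAST = """\
Defaults env_reset
root ALL=(ALL:ALL) ALL
backup ALL= NOPASSWD:/usr/bin/rsync
%sudo ALL=(ALL:ALL) ALL
"""
RULE_LAST = """\
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
backup ALL= NOPASSWD:/usr/bin/rsync
"""

if __name__ == "__main__":
    for name, text in (("rule not last", RULE_NOT_LAST), ("rule last", RULE_LAST)):
        line_no, needs_pw = effective_rule(text, "backup", {"sudo"})
        print(f"{name}: line {line_no} wins, password required: {needs_pw}")
```

When the winning entry requires a password, the remote `sudo rsync` has no terminal to prompt on during the rsync session, so the transfer fails.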



7 Comments:

Anonymous said...

To edit /etc/sudoers file, you can use sudo visudo command

7/6/09 10:11 PM  
Blogger JoS said...

hi Bob,
I tried your suggestion, seems not working, this is what I tried:

From server that is receiving the file:
- sudo visudo
- add the following in the /etc/sudoers:
user ALL=(ALL) NOPASSWD:/usr/bin/rsync
- restart the system manually

From the server that is sending the file:
rsync -aHpEogtv --rsync-path='sudo rsync' --delete --delay-updates -e 'ssh -2 -i /home/user/privateKey -p 443' /source user@IPADDRESS:/destination

8/6/09 1:07 AM  
Blogger JoS said...

Ah... found a resolution, apparently the command user ALL=(ALL) NOPASSWD:/usr/bin/rsync should be located at the end of /etc/sudoers file

8/6/09 5:43 AM  
Blogger Scott said...

I'm kinda late to the party, but I found this extremely helpful, thanks!

26/12/13 1:08 AM  
Anonymous Claudio said...

This is pure Hell!!!
Stop pretending you are root. Be root!
Just access the remote machine as root@remote_host.
Of course you will have to set up ssh for the user 'root' in both machines, which is the same as setting up for any other user - as long as you are a sudoer of course.
The job has to be done inside /root/.ssh/
After that simply:
sudo rsync -a -e ssh local_directory 192.168.0.123:/home/user/remote_directory
which is the same as:
sudo rsync -a -e ssh local_directory root@192.168.0.123:/home/user/remote_directory

24/6/15 9:06 AM  
Blogger M. Hassan said...

the line must be the last line!!!

Thank you so much :D

7/11/15 12:57 AM  
Blogger runwuf said...

--rsync-path="sudo rsync" did the nice trick, thank you!

7/12/15 5:36 PM  
