Running remote rsync as root when root login is disabled

Rsync is widely used tool for incremental file transfer. It has several features that make it very attractive for easy to setup backup policy. You can run it over ssh to for additional security. Here's the issue here: most ssh servers are configured not to allow root login ("PermitRootLogin" set to "no"), but you need root permissions to read certain files. Here's the remedy for this.

First, on the remote server add the rsync user to the sudoers file, so that he can execute rsync with no password. Add this to /etc/sudoers:

rsyncuser ALL= NOPASSWD:/usr/bin/rsync 

Then use --rsync-path option to make rsync run with sudo:

[user@localserver]$ rsync -a -e "ssh" --rsync-path="sudo rsync" rsyncuser@remoteserver:/data/to/sync /archive/

 

Comments:

Paul Theodoropoulos (23-10-2012 00:54) :
Very nice. Found this right when i needed it. thank you!

(31-01-2013 06:15) :
Great stuff. Solved a problem where the backup server can reach the remote server, but root login is disabled, and the remote server doesn't have direct ssh access to the backup server.

Dan (29-01-2015 18:30) :
Thank you! Very helpful, and this solved my problem perfectly.

Back to articles list

This page was last modified on 2024-03-28 12:18:30