On 22 Nov 15:48, Chris G wrote:
On Mon, Nov 22, 2010 at 03:12:04PM +0000, Brett Parker wrote:
On 22 Nov 14:50, Chris G wrote:
Is there any way to do the equivalent of running rsync from an entry in inetd.conf that can be done by a non-privileged user?
I want to run rsync from cron to back up files to a couple of places where I have shell logins (but not the privilege to make additions to inetd.conf).
I suppose I could just run rsync in daemon mode using a cron job on the remote system (and kill it later) at the right time but that seems a little crude.
rsync with its transport set as ssh will automagically start a daemon on the remote end as the user you're running as, so I'm not sure what you mean here...
I don't think I run a "real" rsync daemon anywhere, I simply let it do its stuff over an ssh session.
If you look at the man page for rsync it makes a very clear distinction between two modes of operation:-
First the mode you (and I) use most of the time which makes an ssh connection to the remote and starts rsync at the remote end via the ssh connection. Second (what I want to use) a mode that communicates via port 873, see the section which starts with "It is also possible to use rsync without a remote shell as the transport."
This second mode has a big advantage: you don't need any sort of passwordless ssh login if you want to run unattended backups via cron or similar. I already use it to back up to my local backup server (where I have root access of course) as it means there is no passwordless access possible to the backup system even if someone gains access to my system.
The syntax uses :: to indicate this mode, e.g.:- rsync -a /var/www backup::chris/var
As I said, I want to be able to use this mode to some systems where I have shell access but not root access. I guess I could set up an extra ssh login which uses a passphraseless key but only starts an rsync daemon process, but I was wondering if there might be a way to set up a sort of user (i.e. non-root) sort of inetd.conf.
No. Only root can do inetd.conf. And that has to listen to the port and then spawns off a new process. You could run a copy of inetd as your own user, but why bother.
Are you trying to say that it's safer to push over an unencrypted rsync daemon than it is to use a passphraseless ssh key with command= set in the authorized_keys?
The only users I know of the "real" rsync daemon these days are people distributing things, and they do it read only.
Hmm.
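
The passphraseless key with `command=` in authorized_keys that this message refers to, sketched as an added example (not part of the original thread): a forced-command wrapper that lets the key do nothing except push files with rsync into one directory. The script path, the key placeholder and the `backups` directory are assumptions.

```shell
#!/bin/sh
# Forced-command wrapper for a push-only backup key (added example).
# Hypothetical ~/.ssh/authorized_keys entry on the backup host; the path,
# key and comment are placeholders:
#   command="/home/USER/bin/rsync-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY> backup-cron

BACKUP_ROOT=backups   # assumed directory, relative to the account's home

# Return 0 only for "rsync --server <options> . <dest>" with dest under
# $BACKUP_ROOT. Long options other than --delete (so --sender, which reads
# files back, and --log-file= and friends) are refused.
rsync_cmd_allowed() {
    set -f; set -- $1; set +f           # split on whitespace, no globbing
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    while [ $# -gt 2 ]; do
        case $1 in
            --delete) ;;                    # the only long option allowed
            --*) return 1 ;;                # --sender, --log-file=, ...
            -*[!A-Za-z.]*) return 1 ;;      # short cluster with odd chars
            -?*) ;;                         # e.g. -logDtpre.iLsfxC
            *) return 1 ;;                  # stray word before "."
        esac
        shift
    done
    [ $# -eq 2 ] && [ "$1" = . ] || return 1
    case $2 in
        *..*|*[!A-Za-z0-9._/-]*) return 1 ;;   # traversal or metacharacters
        "$BACKUP_ROOT"/*) return 0 ;;
    esac
    return 1
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_cmd_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND      # word-split only, never re-parsed by a shell
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

Destination paths containing spaces are rejected by this wrapper. The rsync source distribution also ships an `rrsync` script written for the same purpose.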