
Re: rsync over lan



tyler wrote:

> [I use my lan to]
> do the backup from my user account as:
>
> rsync -av --include-from=/home/tyler/rsync_includes /
>   etch.mynetwork:/home/tyler/laptop
>
> Then the ownerships all get set to tyler tyler, even when they are
> originally root root. In order to preserve the ownerships, I have to run
> the above command as root, which requires that I configure sshd on the
> desktop to accept root logins. Even behind a NAT router, that doesn't
> seem like a good idea. Am I missing something?

Often, rsync is used like this only with dedicated LAN ports, not
through a bridge. In that case, you simply use fixed IP addresses
with the dedicated ports, and use hosts.allow and hosts.deny to
set up security. In that way, unless you have an actual breach
of one of the host machines itself (as opposed to simply compromise
of the bridge) you don't get a problem. You use a different domain
for the dedicated local connections, e.g. 192 on the NAT LAN, and
172 for the dedicated ports. Then make sure that the LAN domain
is denied for the dedicated ports. The dedicated ports may
then be connected via a crossover cable, or if you want a few
machines, then via an ethernet hub. It is key not to connect
the bridge and the hub together. Then only allow root login
from the dedicated ports. I'm not expert on these matters, so
I don't know the details of how to set that up. Perhaps it's
as simple as where you permit an NFS mount to come from.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
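
One way to set up the restriction described in the reply above, added here as an example that is not part of the original message. The interface addresses and subnets (192.168.1.10 on the NAT LAN, 172.16.0.1 on the dedicated port) are constructed, and the hosts.allow/hosts.deny part assumes an sshd built with tcp-wrappers (libwrap) support.

```conf
# --- /etc/ssh/sshd_config on the desktop (backup target) ---
# Weak setting the question wants to avoid: root may log in from any network.
#   PermitRootLogin yes

# Corrected: root login is off by default ...
PermitRootLogin no

# ... and enabled, key-only, solely for connections that arrive on the
# dedicated interface (172.16.0.1, constructed) from the dedicated subnet.
# All criteria on one Match line must hold for the block to apply.
Match LocalAddress 172.16.0.1 Address 172.16.0.0/24
    PermitRootLogin prohibit-password

# --- /etc/hosts.allow ---
# daemon@local-address form from hosts_access(5): each rule is tied to the
# interface address the connection came in on, then lists permitted clients.
sshd@172.16.0.1: 172.16.0.
sshd@192.168.1.10: 192.168.1.

# --- /etc/hosts.deny ---
# Anything not allowed above is refused, so a 192.168.1.x client cannot
# reach sshd on the dedicated address, and vice versa.
sshd: ALL
```

`sshd -t` checks sshd_config for syntax errors before the daemon is restarted.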