
Re: rsync over lan



On Tue, 09 Sep 2008 22:17:59 -0300
tyler <tyler.smith@mail.mcgill.ca> wrote:

> Hi,
> 
> With some help from the good people on this list, I got a simple home
> network setup, and I'm now using it to backup my laptop to my desktop
> using rsync. I have one question though - I'm backing up /etc, /home,
> /opt, and parts of /usr and /var. I want to preserve ownership, but if I
> do the backup from my user account as:
> 
> rsync -av --include-from=/home/tyler/rsync_includes / \
>   etch.mynetwork:/home/tyler/laptop
> 
> Then the ownerships all get set to tyler tyler, even when they are
> originally root root. In order to preserve the ownerships, I have to run
> the above command as root, which requires that I configure sshd on the
> desktop to accept root logins. Even behind a NAT router, that doesn't
> seem like a good idea. Am I missing something?

A)  The Debian ssh maintainer thinks that root logins should be allowed;
this is a very old argument.  From the README.Debian:

> Having PermitRootLogin set to yes means that an attacker that knows
> the root password can ssh in directly (without having to go via a user
> account). If you set it to no, then they must compromise a normal user
> account. In the vast majority of cases, this does not give added
> security; remember that any account you su to root from is equivalent
> to root - compromising this account gives an attacker access to root
> easily. If you only ever log in as root from the physical console,
> then you probably want to set this value to no.
> 
> As an aside, PermitRootLogin can also be set to "without-password" or
> "forced-commands-only" - see sshd(8) for more details.
> 
> DO NOT FILE BUG REPORTS SAYING YOU THINK THIS DEFAULT IS INCORRECT!
> 
> The argument above is somewhat condensed; I have had this discussion
> at great length with many people. If you think the default is
> incorrect, and feel strongly enough to want to argue about it, then
> send email to debian-ssh@lists.debian.org. I will close bug reports
> claiming the default is incorrect.

B)  Fakeroot can apparently more or less do what you want; install it,
and read README.saving.  It claims to be usable with rsync to do
exactly what you want (although it says that "it will not work
perfectly"); I haven't tried it.

> Tyler

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
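
Added example, not part of the original message: a shell check that reports which of the PermitRootLogin settings quoted above is in effect globally in an sshd_config-style file. The function names and the sample config are constructed for illustration; Include directives and `keyword=value` syntax are assumed absent.

```shell
#!/bin/sh
# Report the effective global PermitRootLogin value from sshd_config text on
# stdin. sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and a Match line ends the global section.
permit_root_login() {
    awk '
        /^[ \t]*#/ { next }                    # skip comment lines
        tolower($1) == "match" { exit }        # conditional blocks start here
        tolower($1) == "permitrootlogin" {     # first occurrence wins
            print $2; found = 1; exit
        }
        END { if (!found) print "unset" }      # the build default applies
    '
}

# Explain what a given value allows for root over ssh.
describe() {
    case "$1" in
        yes) echo "root may log in with a password or a key" ;;
        without-password|prohibit-password)
             echo "root may log in with a key only" ;;
        forced-commands-only)
             echo "root key login only where authorized_keys sets command=" ;;
        no)  echo "root may not log in over ssh" ;;
        unset) echo "not set globally; the build default applies" ;;
        *)   echo "unrecognised value: $1" ;;
    esac
}

# Constructed sample input, not taken from any real host.
sample_config() {
cat <<'EOF'
# constructed sample
Port 22
permitrootlogin forced-commands-only
PermitRootLogin yes
Match Address 192.168.1.0/24
    PermitRootLogin no
EOF
}

value=$(sample_config | permit_root_login)
echo "PermitRootLogin $value: $(describe "$value")"
```

On a real host, feed it the live file, for example `permit_root_login < /etc/ssh/sshd_config`.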

