
Re: Updating files in /etc Remotely (and automated)



On Sat, Sep 11, 2010 at 05:15:50PM -0400, Hal Vaughan wrote:
> I will be working with a server on the Internet that uses rsync and is running Debian.  I will be setting up initial /etc/rsyncd.conf and /etc/rsyncd.secrets files on it.  But along the way, whenever a new user is added, they'll need to be updated.  I can use ssh on this system, but, of course, I don't want to allow root access.
> 
> I'd like to be able to have these files updated automatically when I add a new user to another system.  I could create new copies of the files locally, where the users are added and use scp to copy them to a directory on the server.  But that's where there are problems.  How can I chown the files to root, copy them to /etc, and chmod as needed for rsync to use them automatically?
> 
> I don't see a way to do that without security issues.  I need to somehow ssh in and do an su or run three commands as sudo (I need to mv the file, chown it, and chmod it).
> 
> I am far from an expert in security, but I can see that if I have anything in place to make this easy, then anyone hacking my user account could easily mess up anything in the system.
> 
> Is there some way I can set this up so I can update rsyncd.conf and rsyncd.secrets only automatically when I have the newer versions on my local system to be uploaded?
> 
> 
When using ssh keys to log in, you can specify (in
~/.ssh/authorized_keys) a command which will automatically run when that
key is used to log in.  And that key will be useless to do anything
else.  Simply using that key to connect to the remote server will run
that command.

The authorized_keys file would look something like this:

command="/path/to/my/script" ssh-rsa AAAAB3NzaC1yc2EAAA.... me@myhost

You could use this to ssh into the remote server as root, or as a user
with very specific sudo privileges that will allow your script to run.
(The script would perform the file changes you need done, or simply
rsync them from your local machine).

-Rob

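A sketch of the forced-command script Rob describes, added here as an example and not code from the thread. It assumes the key is installed for an unprivileged upload account whose sudoers entry permits only this script (names such as `recv-rsyncd`, the `put` verb and the `DESTDIR` override are invented for the example); it refuses any file name other than the two Hal needs, and installs atomically with mode 0600.

```shell
#!/bin/sh
# Forced-command receiver for rsyncd.conf / rsyncd.secrets uploads.
# Example only (not from the original thread). Assumed authorized_keys line:
#   command="/usr/local/sbin/recv-rsyncd",no-port-forwarding,no-pty,no-X11-forwarding ssh-rsa AAAA... me@myhost
# Assumed sender side:  ssh uploader@server put rsyncd.conf < rsyncd.conf
set -eu

# Allowlist of file names this key may replace; anything else is refused.
ALLOWED="rsyncd.conf rsyncd.secrets"

# install_file NAME [DESTDIR]   (file content arrives on stdin)
# Returns 0 on success, 1 if NAME is not in the allowlist.
install_file() {
    name=$1
    dest=${2:-/etc}
    ok=0
    for a in $ALLOWED; do
        [ "$name" = "$a" ] && ok=1
    done
    [ "$ok" -eq 1 ] || { echo "refused: $name" >&2; return 1; }

    # Write beside the target so the final mv is an atomic rename.
    tmp=$(mktemp "$dest/.$name.XXXXXX")
    cat > "$tmp"
    chmod 0600 "$tmp"
    # Only root can hand the file to root (e.g. when run through sudo).
    if [ "$(id -u)" -eq 0 ]; then chown root:root "$tmp"; fi
    mv -f "$tmp" "$dest/$name"
}

# Dispatch on what the client asked for (sshd puts it in SSH_ORIGINAL_COMMAND);
# only "put <name>" is honoured, so the key can do nothing else.
main() {
    set -- ${SSH_ORIGINAL_COMMAND:-}
    case "${1:-}" in
        put) install_file "${2:-}" "${DESTDIR:-/etc}" ;;
        *)   echo "usage: put rsyncd.conf|rsyncd.secrets" >&2; return 1 ;;
    esac
}

# Dispatch only when invoked by sshd, so the functions can also be sourced.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then main; fi
```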
