Fwd: Updating files in /etc Remotely (and automated)

To: debian-user <debian-user@lists.debian.org>
Subject: Fwd: Updating files in /etc Remotely (and automated)
From: "Huang, Tao" <debian@huangtao.me>
Date: Mon, 13 Sep 2010 10:56:18 +0800
Message-id: <[🔎] AANLkTinkG3QXMyY-ebDLiTJTCDCgWBZ-KY4W34CdsESs@mail.gmail.com>
In-reply-to: <4DA6720B-0AD0-4041-98ED-39E0977832DB@halblog.com>
References: <[🔎] EF953506-5924-409C-B345-B43C694DD3B6@halblog.com> <AANLkTik5KMoH6nagG2LKPRqS88rupaD=1=XTNYBrZc3P@mail.gmail.com> <4DA6720B-0AD0-4041-98ED-39E0977832DB@halblog.com>

---------- Forwarded message ----------
From: Hal Vaughan <hal@halblog.com>
Date: Sun, Sep 12, 2010 at 11:52 PM
Subject: Re: Updating files in /etc Remotely (and automated)
To: "Huang, Tao" <debian@huangtao.me>



On Sep 12, 2010, at 9:33 AM, Huang, Tao wrote:

> On Sun, Sep 12, 2010 at 5:15 AM, Hal Vaughan <hal@halblog.com> wrote:
>> I will be working with a server on the Internet that uses rsync and is running Debian.  I will be setting up initial /etc/rsyncd.conf and /etc/rsyncd.secrets files on it.  But along the way, whenever a new user is added, they'll need to be updated.  I can use ssh on this system, but, of course, I don't want to allow root access.
>>
>> I'd like to be able to have these files updated automatically when I add a new user to another system.  I could create new copies of the files locally, where the users are added and use scp to copy them to a directory on the server.  But that's where there are problems.  How can I chown the files to root, copy them to /etc, and chmod as needed for rsync to use them automatically?
>>
>> I don't see a way to do that without security issues.  I need to somehow ssh in and do an su or run three commands as sudo (I need to mv the file, chown it, and chmod it).
>>
>> I am far from an expert in security, but I can see that if I have anything in place to make this easy, then anyone hacking my user account could easily mess up anything in the system.
>>
>> Is there some way I can set this up so I can update rsyncd.conf and rsyncd.secrets only automatically when I have the newer versions on my local system to be uploaded?
>
> what about setting up a root cron job that scans a specific folder,
> let's say /home/some/where, read the changes ( in a predefined format)
> and update files in /etc. that folder can be owned by any unprivileged
> user, and further checkings (such as gpg signatures verifying) can be
> done in the cron script before any root file is writen.
>
> when new users are added, just rsync the files to /home/some/where,
> and wait for the root cron script to notice the update, verify, and

I don't know why I hadn't thought of that!  There's one other idea
someone suggested, using an automatic command with the authorized key
for ssh, but I think that would still be an issue because I don't see
how it would get around me typing in the password.

A cron job could easily run every five or ten minutes or hour and that
would still mean a new client would be up and running pretty quickly.

Thanks!

Hal

----End----

Ooops, i didn't mean to send u a private message. now i'm forwarding
it to the list.


Tao
--
http://www.google.com/profiles/UniIsland

Reply to:

References:
- Updating files in /etc Remotely (and automated)
  - From: Hal Vaughan <hal@halblog.com>

Prev by Date: Re: testing install grub install loop
Next by Date: exim4 problem delivering locally
Previous by thread: Re: Updating files in /etc Remotely (and automated)
Next by thread: Re: Updating files in /etc Remotely (and automated)
Index(es):
- Date
- Thread