This seems very tricky to me.
I've set up my two systems so that I can rsync
files between them as me, without specifying password. Now the the problem is to rsync
files that belong to root
. On both of my systems, there are no root passwords. The only way to become root is via sudo
. So I can neither give a password for sudo rsyn local root@remote:
, no use my ssh-agent to supply pass phrase. I don't want to set up a root password on any systems; and I do need the files to be owned by root on both systems.
EDIT: Using the files that belong to root
is just an example, I need a way for my unprivileged account to read/write system (including root-owned) files easily. One example is to copy my configured /root environment into the freshly-installed system. The two systems are actually two VMs under a single host, so it's not a big concern for me to copy root-owned files between them.
EDIT 2: If I only want to copy my configured /root environment into the freshly-installed system, I can use tar:
sudo tar cvzf - /root | ssh me@remote sudo tar xvzf - -C /
But I do need rsync
to update from time to time.
Any easy way to make it happen?
EDIT 3: Formally formulate the question
Alright, it all began with the question, how to rsync
files that belong to root between two systems as a normal unprivileged user, without specifying password, under the condition that,
- The
root
account is locked on both of systems. I.e., there are noroot
passwords. The only way to become root is viasudo
(recommended security practice, see http://help.ubuntu.com/community/RootSudo) - I don't want a completely passwordless
sudo
but don’t want to be typing passwords all the time either. - The normal unprivileged user has entered their ssh pass phrase into the ssh agent.
Thanks
Best Answer
You can do it directly with rsync with creative using of
--rsync-path
option. So you would use:Note that this require that "sudo rsync" on remote host will NOT ask for passphrase. That can be accomplished in several ways:
sudo -v
on remote before running rsync (ideal for one-off rsync jobs). Your sudo must not usetty_tickets
option for this to work.username ALL= NOPASSWD:/usr/bin/rsync
in/etc/sudoers
on remote host./etc/pam.d/sudo
Of course, you could also instead of "rsync over ssh" use "rsync in daemon mode" (see
rsyncd.conf(5)
and/etc/default/rsync
on Debian GNU/Linux for example) to accomplish what you want, with additional benefit of better speed of transfer.