I'm backing up servers on a backup server. Each server which is backed up has its own account on the backup server, and the files are rsynced. It is important that the permissions remain intact (using rsync -p) to simplify restores.
I'm trying to create a script which can read the files and create some statistics. I don't like that script to be running under the root user, and it is also impossible to run it for every backup user, as the script should be able to read all files from all users. However, this creates a problem when a file is, for example, chmodded 600. I don't want to touch permissions, but another user except for root and the owner can't read it.
A specific non-root user should be able to read all files in a directory or partition, regardless of the permission levels (and the owner of the files should have no way to prevent it). Is there a way to achieve this? I'm running FreeBSD with a ZFS volume.
Best Answer
Use sudo.

If your sudoers file lists an exact and specific command then the command must be called exactly as listed in the sudoers or it will be denied.

E.g.:

In this example the user backup can execute the command exactly as shown:

If they call sudo rsync... instead of sudo /usr/bin/rsync the command fails, or if the flags or paths are different the command fails.

If you're doing this in a script then you want to enable passwordless use of those commands:

For more see the sudoers(5) man page under Cmnd_list.
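Added example, not part of the original answer: a sudoers fragment showing the exact-command form and the passwordless form the answer describes. The user statsuser, the script /usr/local/sbin/backup-stats, the rsync arguments and the /backups paths are assumptions made for illustration.

```sudoers
# Constructed sudoers fragment; all user names, paths and arguments are assumed.
# Check the syntax before installing it:  visudo -cf <file>

# Exact command with exact arguments. sudo permits this invocation only;
# the same binary with different flags or different paths does not match
# the rule and is denied.
backup     ALL = (root) /usr/bin/rsync -a /data/ /backups/data/

# Passwordless form for a script or cron job. The alias names one command
# line: the statistics script with a single fixed argument.
Cmnd_Alias BACKUP_STATS = /usr/local/sbin/backup-stats /backups
statsuser  ALL = (root) NOPASSWD: BACKUP_STATS

# An empty argument list ("") allows the command only when it is called
# with no arguments at all.
statsuser  ALL = (root) NOPASSWD: /usr/local/sbin/backup-stats-all ""

# The rule is only as tight as the command it names: keep the script owned
# by root and not writable by statsuser, otherwise editing the script is
# equivalent to unrestricted root.
```

With this in place, statsuser reads the backups only through the named script, and file owners on the backup accounts cannot block it because the script itself runs as root.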