I want to have a user who has access to all the files and folders on the system. This is for the purpose of using RSYNC on a local machine to back up a remote machine.
At the moment we are using the user backups and although we have added this user to the groups sudo and admin, rsync still returns messages like:
rsync: opendir "/location/to/folder" failed: Permission denied (13)
rsync: send_files failed to open "/location/to/file": Permission denied (13)
Any idea how we give the user backups permission to access everything (short of adding the user to all groups ever – the remote server we are trying to back up is a dedicated hosting server where every account has its own user on the system)?
Thanks for any help.
Best Answer
Just adding the user backups to the user group sudo does not automatically give the account access to all files on the system. It gives the user the permission to run the sudo command.
Since you are using public key authentication (presumably without a passphrase), I would approach this with security and ease of implementation in mind. Using ssh allows you to restrict the user to execute only very specific commands. In this case, you can allow the user backups to execute rsync with superuser permissions.
You have already performed the key exchange and verified authentication is successful. In the authorized_keys file on the remote host that you are backing the /home directory from, you can add a command= directive to the key that is used by the user backups. This directive will only allow that command to be run when that key is used for authentication. So the first field of the key would look similar to this:
You can go even further and add more options to the key, such as from=myhost,no-pty,no-X11-forwarding.
This should give you decent security and not require you to modify the underlying file system permissions. You will probably need to play with the command that you place in the authorized_keys file until it works like you expect; it may take a bit to wrap your brain around it. The command specified in the authorized_keys will basically override the rsync options you will pass from the connecting host.
Lots of good information in man sshd. You want to specifically read the AUTHORIZED_KEYS FORMAT section.
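
An added example, not part of the original answer: a small Python check that parses the options field of each authorized_keys entry and reports keys missing the command= and from=/no-pty/no-X11-forwarding restrictions mentioned above. The sample file, its key material and the rsync command string are constructed placeholders; the restrict keyword is treated as implying no-pty and no-X11-forwarding.

```python
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # a line starting with a key type has no options
REQUIRED = ("command", "from", "no-pty", "no-x11-forwarding")

# Constructed sample: placeholder keys, and a stand-in for whatever rsync
# command you settle on after testing.
SAMPLE = '''\
# backups key, locked down
command="/usr/bin/sudo /usr/bin/rsync --server --sender -a . /home",from="myhost",no-pty,no-X11-forwarding ssh-ed25519 AAAAPLACEHOLDER backups@myhost
ssh-ed25519 AAAAPLACEHOLDER admin@laptop
command="/usr/local/bin/report, daily",restrict ssh-rsa AAAAPLACEHOLDER cron@myhost
'''

def _split_outside_quotes(text, sep):
    """Split on sep, ignoring separators inside double quotes (\\" is an escaped quote)."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    parts.append(cur)
    return parts

def parse_entry(line):
    """Return {option: value} for one entry, or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_TYPES):
        return {}
    options_field = _split_outside_quotes(line, " ")[0]
    opts = {}
    for item in _split_outside_quotes(options_field, ","):
        name, _, value = item.partition("=")
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        opts[name.lower()] = value  # option keywords are case-insensitive
    return opts

def audit(text):
    """Return [(line_number, [missing options])] for entries lacking restrictions."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        opts = parse_entry(line)
        if opts is None:
            continue
        implied = {"no-pty", "no-x11-forwarding"} if "restrict" in opts else set()
        missing = [o for o in REQUIRED if o not in opts and o not in implied]
        if missing:
            findings.append((lineno, missing))
    return findings
```

Running audit() on the real file after each change shows whether the backups key still carries every restriction while you experiment with the forced command.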