Context
I want to setup rsync
backups of my server, so I run the following command
rsync -r -e ssh --rsync-path="sudo rsync" rsyncuser@example.com:/ /backup/
Ideally, that command would ask my private ssh key password, then connect, then ask the sudo password for rsyncuser, and then run rsync on the server. But I got the infamous error:
sudo: no tty present and no askpass program specified
So I had to add this to /etc/sudoers
(using sudo visudo
), which basically gives passwordless full read-write access to the system to the user rsyncuser
, which is not to my taste:
rsyncuser ALL= NOPASSWD:/usr/bin/rsync
Question
How can I instead tell sudo to read its password from, say, another TTY ?
That way, I could run rsync
in one terminal window on my local machine, and use another terminal window to open a (possibly separate) ssh connexion to the server, and supply the sudo password there.
The only way I think of doing something like that would be to use an expect
script around sudo, which reads the password from a named pipe, and I would write to that pipe from the other terminal.
Note: this is more for the sake of exeprimentation and learning than any practical purpose, I'm not trying to find out how to use sudo with rsync, I've already read all I could find about that.
Best Answer
sudo
will read an environment variable,SUDO_ASKPASS
, if it is not running from a terminal (as in your case) or if -A is set. It uses this as a command to run to get the password. For example:Will prompt you for the password on stdin, and won't require a terminal.
In the specific case of what you are trying to do however, it might be better to allow root SSH login, but only with an SSH key and the command restricted to rsync. There is a good resource on this here.