This seems very tricky to me.
I've set up my two systems so that I can rsync files between them as me, without specifying password. Now the problem is to rsync files that belong to root. On both of my systems, there are no root passwords. The only way to become root is via sudo. So I can neither give a password for sudo rsync local root@remote:, nor use my ssh-agent to supply pass phrase. I don't want to set up a root password on any systems; and I do need the files to be owned by root on both systems.
EDIT: Using the files that belong to root is just an example, I need a way for my unprivileged account to read/write system (including root-owned) files easily. One example is to copy my configured /root environment into the freshly-installed system. The two systems are actually two VMs under a single host, so it's not a big concern for me to copy root-owned files between them.
EDIT 2: If I only want to copy my configured /root environment into the freshly-installed system, I can use tar:
sudo tar cvzf - /root | ssh me@remote sudo tar xvzf - -C /
But I do need rsync to update from time to time. Any easy way to make it happen?
EDIT 3: Formally formulate the question
Alright, it all began with the question, how to rsync files that belong to root between two systems as a normal unprivileged user, without specifying password, under the condition that,
- The root account is locked on both systems. I.e., there are no root passwords. The only way to become root is via sudo (recommended security practice, see http://help.ubuntu.com/community/RootSudo)
- I don't want a completely passwordless sudo but don't want to be typing passwords all the time either.
- The normal unprivileged user has entered their ssh pass phrase into the ssh agent.
Thanks
Answer
The solution.
- Adding the user's ssh key to remote root works, but only half way, i.e., now rsync ... root@remote:... works. The challenging part is to get sudo rsync ... to work as well.
- To get sudo rsync ... to work, what's needed is: Using SSH agent for sudo authentication, http://www.evans.io/posts/ssh-agent-for-sudo-authentication/
- To install pam-ssh-agent-auth PAM module under Ubuntu, you can use the ppa that I've just built, https://launchpad.net/~suntong001/+archive/ppa. Tested fine under Ubuntu 12.04 precise, and 13.10 saucy.
HTH
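
SSH-agent sudo authentication depends on two pieces of configuration: a pam_ssh_agent_auth.so line in the sudo PAM service naming a key list, and a sudoers entry that keeps SSH_AUTH_SOCK. The check below is an added example, not code from this post or the linked article; the function names, scratch file names and sample contents are constructed, and treating a key list under a home directory as a failure is this example's assumption (a user who can edit the list can authorize any key for sudo).

```shell
#!/bin/sh
# Added example: audit the two config pieces that SSH-agent sudo authentication needs.
# File names and sample contents are constructed for illustration.

# Print the file= path from the pam_ssh_agent_auth line of a PAM service file.
agent_keys_path() {
    sed -n 's/^[[:space:]]*auth[[:space:]].*pam_ssh_agent_auth\.so.*[[:space:]]file=\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 if the pair (PAM file, sudoers file) is wired up safely, else 1.
check_agent_sudo() {
    pam_file=$1; sudoers_file=$2; rc=0
    keys=$(agent_keys_path "$pam_file")
    if [ -z "$keys" ]; then
        echo "FAIL: no pam_ssh_agent_auth.so line with file= in $pam_file"; rc=1
    else
        case $keys in
            "~"*|*%h*|/home/*)
                echo "FAIL: key list $keys is under a home directory, the user could add keys"; rc=1 ;;
            *)  echo "ok: key list is $keys" ;;
        esac
    fi
    # sudo resets the environment, so the agent socket must be kept explicitly.
    if grep -Eq '^[[:space:]]*Defaults.*env_keep.*SSH_AUTH_SOCK' "$sudoers_file"; then
        echo "ok: sudoers keeps SSH_AUTH_SOCK"
    else
        echo "FAIL: sudoers does not keep SSH_AUTH_SOCK"; rc=1
    fi
    return $rc
}

# Constructed sample configuration, written to a scratch directory.
demo_dir=$(mktemp -d)
printf '%s\n' 'auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys' \
    '@include common-auth' > "$demo_dir/pam_sudo_good"
printf '%s\n' 'auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys' \
    '@include common-auth' > "$demo_dir/pam_sudo_weak"
printf '%s\n' 'Defaults env_keep += "SSH_AUTH_SOCK"' > "$demo_dir/sudoers_good"
printf '%s\n' 'Defaults env_reset' > "$demo_dir/sudoers_bare"

check_agent_sudo "$demo_dir/pam_sudo_good" "$demo_dir/sudoers_good"
check_agent_sudo "$demo_dir/pam_sudo_weak" "$demo_dir/sudoers_good" || true
```

On a real system the same function can be pointed at /etc/pam.d/sudo and /etc/sudoers, read as root.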