Wednesday, 21 February 2018

linux - Rsync root files between systems without specifying password


This seems very tricky to me.


I've set up my two systems so that I can rsync files between them as me, without specifying password. Now the the problem is to rsync files that belong to root. On both of my systems, there are no root passwords. The only way to become root is via sudo. So I can neither give a password for sudo rsyn local root@remote:, no use my ssh-agent to supply pass phrase. I don't want to set up a root password on any systems; and I do need the files to be owned by root on both systems.


EDIT: Using the files that belong to root is just an example, I need a way for my unprivileged account to read/write system (including root-owned) files easily. One example is to copy my configured /root environment into the freshly-installed system. The two systems are actually two VMs under a single host, so it's not a big concern for me to copy root-owned files between them.


EDIT 2: If I only want to copy my configured /root environment into the freshly-installed system, I can use tar:


sudo tar cvzf - /root | ssh me@remote sudo tar xvzf - -C /

But I do need rsync to update from time to time. Any easy way to make it happen?


EDIT 3: Formally formulate the question


Alright, it all began with the question, how to rsync files that belong to root between two systems as a normal unprivileged user, without specifying password, under the condition that,



  1. The root account is locked on both of systems. I.e., there are no root passwords. The only way to become root is via sudo (recommended security practice, see http://help.ubuntu.com/community/RootSudo)

  2. I don't want a completely passwordless sudo but don’t want to be typing passwords all the time either.

  3. The normal unprivileged user has entered their ssh pass phrase into the ssh agent.


Thanks



Answer



The solution.



  1. Adding the user's ssh key to remote root works, but only half way, i.e., now rsyn ... root@remote:... works. The challenging part is to get sudo rsyn ... work as well.

  2. To get sudo rsyn ... work, what's need is -- Using SSH agent for sudo authentication, http://www.evans.io/posts/ssh-agent-for-sudo-authentication/

  3. To install pam-ssh-agent-auth PAM module under Ubuntu, you can use the ppa that I've just built, https://launchpad.net/~suntong001/+archive/ppa. Tested fine under Ubuntu 12.04 precise, and 13.10 saucy.


HTH


No comments:

Post a Comment

Where does Skype save my contact's avatars in Linux?

I'm using Skype on Linux. Where can I find images cached by skype of my contact's avatars? Answer I wanted to get those Skype avat...