I'm trying to improve an existing backup. I followed the Mirror Your Web Site With Rsync guide as a starting point and currently have the following: Both servers are running Ubuntu 8.04 with ISPConfig 2 account BackupUser exists on production server and belongs to sudoers Backup server logs into production server as BackupUser over rsync, and transfers files from production server to backup server The problem is that BackupUser does not have permission to read some files and directories that need to be copied (i.e. Maildir). After lots of googling, I have found two solutions, but neither are recommended by ubuntu. Solution A: enable root account on production server and login over rsync as root Solution B: modify sudo file to disable sudo password for BackupUser when using rsync and use --rsync-path to run rsync as sudo Can someone please let me know which of these options is better, or if either option creates a serious security risk? Also, if anyone has a better suggestion that would be great!
Solution B, is more difficult as you have to configure the sudoers file right, but is definitively better. For the security risk, just limit to the strict minimum the commands your backup user is allowed to execute, and it should be fine.
