ISPConfig backup - Rsync + Sudo

Discussion in 'Installation/Configuration' started by patrick3853, Dec 16, 2009.

  1. patrick3853

    patrick3853 New Member

    I'm trying to improve an existing backup. I followed the Mirror Your Web Site With Rsync guide as a starting point and currently have the following:

    • Both servers are running Ubuntu 8.04 with ISPConfig 2
    • account BackupUser exists on production server and belongs to sudoers
    • Backup server logs into production server as BackupUser over rsync, and transfers files from production server to backup server

    The problem is that BackupUser does not have permission to read some files and directories that need to be copied (i.e. Maildir). After lots of googling, I have found two solutions, but neither are recommended by ubuntu.

    Solution A: enable root account on production server and login over rsync as root

    Solution B: modify sudo file to disable sudo password for BackupUser when using rsync and use --rsync-path to run rsync as sudo

    Can someone please let me know which of these options is better, or if either option creates a serious security risk? Also, if anyone has a better suggestion that would be great!
  2. jnsc

    jnsc rotaredoM Moderator

    Solution B, is more difficult as you have to configure the sudoers file right, but is definitively better.

    For the security risk, just limit to the strict minimum the commands your backup user is allowed to execute, and it should be fine.

Share This Page