* Kurt Seifried wrote on Fri, Aug 31, 2001 at 15:36 -0600:
> Yes rsync needs to run as root on the server, to set file perms/etc, this can be somewhat mitigated by chroot'ing it (probably will be ok, but chroot can be broken out of by root, so some buffer overflow in rsync with a hostile client might be bad news).
Yep. And in fact root permissions of the whole service are _not_ required.
> Basically any backup software will have to run as root to set file perms, setuid/setgid bits, yadayada (kernel capabilities and whatnot aside).
It would be possible to have a small permission correction process, which would be more simple code - because of that not that risky. Second, it would be possible to put the permissions in some special file (TRANS.TBL or the one used when doing umsdos). This file could be used on restore operations or used by some correction process. More safe.
> Hopefully that software was built with this in mind and supports some nice controls (like only write/read files in /foo/backups/*).
Well, once I overwrote local /etc/ with a buggy rsync-backup script. Well, luckily the local backup of /etc/ was done first and correct :) But this shows the dangers. When using tar cf - | ssh > cat backup.tar only on one side (and this is the read-only side) are required. No network-root-connections and nothing. Even a buggy ssh wrapper has only backup-user permissions. And a hacker could read/steal the backups (which is very bad, too, but) not compromise systems or manipulate data.

oki,

Steffen

-- 
This letter was generated by machine and therefore bears neither signature nor seal.
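
The permissions-file idea from the message above, as an added example that is not part of the original thread: the backup side records modes and owners in a manifest, and a small correction step re-applies them on restore while refusing any entry that points outside the restore directory. The manifest format, function names and sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

def record_perms(root):
    """Backup side: list 'mode uid gid relpath' for everything under root."""
    lines = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode) or "\n" in name:
                continue  # symlinks carry no useful mode; newlines break the format
            rel = os.path.relpath(full, root)
            lines.append(f"{stat.S_IMODE(st.st_mode):04o} {st.st_uid} {st.st_gid} {rel}")
    return lines

def apply_perms(root, lines):
    """Restore side: the only step that may need root. Never leaves `root`."""
    root = os.path.realpath(root)
    rejected = []
    for line in lines:
        mode, uid, gid, rel = line.split(" ", 3)
        target = os.path.realpath(os.path.join(root, rel))
        # Absolute paths, '..' and symlinks resolving outside root are refused.
        if target == root or os.path.commonpath([root, target]) != root \
                or not os.path.exists(target):
            rejected.append(rel)
            continue
        if os.geteuid() == 0:
            os.chown(target, int(uid), int(gid))  # before chmod: chown clears setuid
        os.chmod(target, int(mode, 8))
    return rejected

def demo():
    """Constructed sample tree: record, lose the modes, then correct them."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "etc"))
    conf = os.path.join(root, "etc", "app.conf")
    open(conf, "w").close()
    os.chmod(conf, 0o640)
    manifest = record_perms(root)
    os.chmod(conf, 0o600)  # e.g. unpacked by an unprivileged backup user
    tampered = ["4755 0 0 ../outside", "0644 0 0 /etc/outside.sample"]  # constructed
    rejected = apply_perms(root, manifest + tampered)
    return stat.S_IMODE(os.stat(conf).st_mode), rejected

if __name__ == "__main__":
    print(demo())
```

Run unprivileged, the correction step restores modes only; ownership is applied when it runs as root, which keeps the privileged part limited to this one function.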