I use BackupPC as backup software and had to think about a similar situation. Basically BackupPC does a login via SSH (root) and starts tar on the remote host. I did not want to give the BackupPC user root permissions and I did not want to allow user BackupPC to run tar as root (just allowing him to run tar with certain parameters).

I came up with the following solution (should be easy to adapt to rsync): the first shell script is used as login shell for user backuppc, the second is the wrapper script that calls tar and ensures it's only called with the right parameters (script looks complicated, but that's just due to the parameter processing for BackupPC). You need to configure sudo to allow the backup user to execute your wrapper script with root permissions.

Hope this helps and gives you some ideas.

peace,
Tom

p.s.: I hope I don't do something very bad here, security wise. If someone finds something really crappy here, I would be glad if they let me know :)

--->8------------------------------------------------------
#!/bin/bash
#
# Simple shellscript that is called as login shell
# for the backup user. All it does, is calling the
# tar wrapper script via sudo
#

# Disable pathname expansion so patterns in the arguments are not globbed here
set -f

# Drop the first argument (the "-c" the login shell is invoked with).
# $* is left unquoted on purpose so the command string is split into words.
shift
sudo /usr/local/bin/tar-wrap $*
--------------------------->8------------------------------

the backuppc user is allowed to call tar-wrap via sudo with root rights.

--->8------------------------------------------------------
#!/bin/sh
#
# client side tar wrapper for BackupPC
# Patch of Tar.pm is needed to send "--exclude=name" as "name"
#
# 20th Feb. 2003: V1.0b, Thomas Seliger
# - initial release
#
# PARAMETER DOCUMENTATION
# -----------------------
#
# $1 is backupmode (fbackup|ibackup|restore)
#
# if backupmode fbackup:
# $2 is sharename
# $3 - $* are the tar "--exclude=" excludes (last . is omitted)
#
# if backupmode ibackup:
# $2 is sharename
# $3 is "--newer=" date parameter for tar
# $4 - $* are the excludes (last . is omitted)
#
# if backupmode restore:
# $2 is sharename

############################################################################################
# Configuration Settings
############################################################################################

ALLOW_RESTORE="no"
TAR_CMD=/bin/tar

############################################################################################
# Dirty Code ahead ;)
############################################################################################

# Disable pathname expansion so exclude patterns reach tar unchanged
set -f

case "$1" in
    fbackup)
        # Save sharename (Argument2)
        SHARENAME=$2
        # Shift twice to have only the exclude arguments left
        shift 2
        # Generate the --excludes for tar, but omit the "."
        EX_TEMP=$*
        EXCLUDES=""
        for DIR in $EX_TEMP; do
            if [ "$DIR" != "." ]; then
                EXCLUDES=$EXCLUDES" --exclude=$DIR"
            fi
        done
        $TAR_CMD -c -v -f - -C "$SHARENAME" --totals $EXCLUDES .
        ;;
    ibackup)
        # Save sharename (Argument2), tar newer parameter (Argument3)
        SHARENAME=$2
        NEWER=$3
        # Shift three times to have only the exclude arguments left
        shift 3
        # Generate the --excludes for tar, but omit the "."
        EX_TEMP=$*
        EXCLUDES=""
        for DIR in $EX_TEMP; do
            if [ "$DIR" != "." ]; then
                EXCLUDES=$EXCLUDES" --exclude=$DIR"
            fi
        done
        $TAR_CMD -c -v -f - -C "$SHARENAME" --totals --newer="$NEWER" $EXCLUDES .
        ;;
    restore)
        # Operands must be separate words: [ $ALLOW_RESTORE=yes ] is a single
        # non-empty string and therefore always true
        if [ "$ALLOW_RESTORE" = "yes" ]; then
            $TAR_CMD -x -p --numeric-owner --same-owner -v -f - -C "$2"
        else
            echo Restore not allowed!
            exit 111
        fi
        ;;
    *)
        echo No argument given
        echo Usage: tar-wrap fbackup\|ibackup\|restore param1 param2
        ;;
esac
--------------------------->8------------------------------
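
A wrapper that sudo runs as root is only as tight as its argument checks, so here is one way to validate the mode, share, date and exclude values before tar is called. This is an added example, not part of the original post: `validate_args`, `ALLOWED_SHARES`, the sample share list and the assumed date character set are all hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. ALLOWED_SHARES and
# validate_args are hypothetical; the share list is constructed sample data.
ALLOWED_SHARES="/etc /home /var/www"
ALLOW_RESTORE="no"

# validate_args MODE SHARE [DATE] [EXCLUDE...]
# Returns 0 only if every caller-supplied value passes an allowlist check.
validate_args() {
    [ "$#" -ge 2 ] || { echo "missing mode or share" >&2; return 1; }
    mode=$1
    share=$2
    case "$mode" in
        fbackup) shift 2 ;;
        ibackup)
            # Assumption: the --newer value is digits, '-' and ':' only.
            case "$3" in
                ''|*[!0-9:-]*) echo "bad date: $3" >&2; return 1 ;;
            esac
            shift 3 ;;
        restore)
            # Quoted operands and spaces around the operator: a real comparison.
            if [ "$ALLOW_RESTORE" != "yes" ]; then
                echo "restore not allowed" >&2; return 1
            fi
            shift 2 ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    # The share must be exactly one of the configured directories.
    ok=no
    for s in $ALLOWED_SHARES; do
        if [ "$share" = "$s" ]; then ok=yes; fi
    done
    [ "$ok" = "yes" ] || { echo "share not allowed: $share" >&2; return 1; }
    # Remaining arguments are exclude names: conservative character set,
    # and never a leading '-' (defence in depth against option-like values).
    for ex in "$@"; do
        case "$ex" in
            ''|-*|*[!A-Za-z0-9._/*?+-]*)
                echo "bad exclude: $ex" >&2; return 1 ;;
        esac
    done
    return 0
}

# Constructed sample calls.
validate_args fbackup /etc 'cache/*.tmp' . && echo "accepted"
validate_args fbackup /root . || echo "rejected"
```

Called at the top of the wrapper as `validate_args "$@" || exit 1`, it rejects the request before any tar command line is built.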