Dave Howorth wrote on 12-04-16 22:27:
On Tue, 2016-04-12 at 14:33 -0400, Greg Freemyer wrote:
But I doubt it would work perfectly if not run as root.
Run rsync as a daemon
"The daemon must run with root privileges if you wish to use chroot, to bind to a port numbered under 1024 (as is the default 873), or to set file ownership. Otherwise, it must just have permission to read and write the appropriate data, log, and lock files."
It's pretty secure I think. But in any case, the permissions on the backup server are a separate concern to those on the source machine.
The issue is not really with restoring "root"; it would be quite obvious you would need "root" for that. I think nobody really would want to restore a full system using some sub-role or semi-administrator. Then the issue is more specific data trees.

The reason you have a "data" administrator would be that that person can be responsible for data maintenance. If this data guy is going to be the one doing backups and restores, you have a problem if this guy cannot even set ownership of trees under his control, if the files have a diversity of ownerships. There would need to be a form of way to guarantee being allowed to set ownership:group.

In Linux there is no setuid for files, but I read that it exists in some BSD. Maybe the change would just require a set-ownership ACL permission. I'm not sure what the conceptual objection is to setting the ownership of files to other people. "He framed me!"

Conceptually perhaps it would require that the data administrator is by definition (or by configuration) a "higher-up". That logically it would be a staff role. And this staff role then needs the privilege to set ownership. But really only for the tree under his control, which would return the issue to ACLs.

Personally I am still thinking about a system-wide masking solution, but that in itself precludes "users" doing that stuff on their own. Then again, users cannot create users anyway (neat feature).

Maybe you could even think of a system where members of a group, and a group can have an administrator role assigned, and this is a user flag and if this user flag is set, this user can set permissions of any files to any user (ownership I mean) to any user that is also part of his group. But that requires a group hierarchy.

MAYBE just a set-permission (set ownership) ACL that you can give to any group or user. AND setting this ACL requires root. That's like delegated authority. A system of delegated authority.
Root sets backup ability on a directory (tree) and gives it to a user or group. Restoration now only requires an entry point (directory) that has the required ACL for that backup admin, and restoration now causes this ACL to propagate down the tree, while restoring all other ACLs from the archive. Meh. I guess.