Hello. I am making up regular backup procedure of a web server (sitting in the datacenter). There are a lot of files created by www-run (uploaded by users) needs to be backed up from my office. These file permission is 600. The backup script run in my office desktop, use ssh to fetch updated files and create backup in my office. ideas: 1. I can adjust umask so that the files created by apache has some user permission like 644 so that the back up script can use ssh to connect to the server as any user and being able to read these files; 2. I can adjust sshd permission to allow root remotely login to ssh (previous setting by our administrator is: root is not allowed for sshd, you must first login as a normal user and 'su', this is said to be more secure), and the backup script should run as 'root' on the web server, thus it can read these files belonging to www-run without necessarily have permission to do so; 3. tweak idea (2) a little bit, use 'sudo' rather then login as root to the web server. 4. I can adjust /etc/passwd to make the login shell of www-run to be /bin/bash (was: /bin/false) so that the backup script can ssh to the web server as www-run, this it can read any file apache server can read; Which method is more secure? How do you suggest me to do?