From owner-freebsd-isp  Wed Jun  6  5:29:31 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from femail4.sdc1.sfba.home.com (femail4.sdc1.sfba.home.com [24.0.95.84])
	by hub.freebsd.org (Postfix) with ESMTP id AAB8937B401
	for <freebsd-isp@FreeBSD.ORG>; Wed,  6 Jun 2001 05:29:23 -0700 (PDT)
	(envelope-from jim@siteplus.net)
Received: from veager.siteplus.net ([65.14.122.116])
          by femail4.sdc1.sfba.home.com
          (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP
          id <20010606122918.OERU29059.femail4.sdc1.sfba.home.com@veager.siteplus.net>;
          Wed, 6 Jun 2001 05:29:18 -0700
Date: Wed, 6 Jun 2001 08:29:16 -0400 (EDT)
From: Jim Weeks <jim@siteplus.net>
To: Erich Zigler <erichz@superhero.org>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: rsync for mirroring
In-Reply-To: <20010605235227.A500@superhero.org>
Message-ID: <Pine.BSF.4.21.0106060758450.796-100000@veager.siteplus.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

Erich,

I found this article very helpful http://www.freebsddiary.org/rsync.php

You should be able to run the daemon fairly securely as (uid root) and (gid
wheel) as long as you follow the directions in the security section.  You
should also set (list=false) in order to protect the names of your
modules.

I should think that with the anonymity of your rsync user-name (which by
the way does not have to coincide with any system user-name), hidden
password and hidden module names combined with ssh encryption, you should
be fairly secure.

good luck,

--
Jim Weeks


On Tue, 5 Jun 2001, Erich Zigler wrote:

> I'm currently trying to keep two servers as semi-updated mirrors of each
> other. 
> 
> The plan is to have rsync keep the directories in sync via ssh. For security
> reasons I have created two plain joe users whose only exceptional capability
> is the ability to login to the other machine without being prompted for a
> password using ssh. 
> 
> Now my issue is that using rsync -avz -e "ssh -l /path/to/identify" /path
> user@domain:/path
> 
> Does not work. Using this line it still prompts for a password. I would rather
> not have to give joe user anymore access then he absolutley has to have. I
> would prefer to be able to run rsync as root just using joe user's identify
> files.
> 
> Any idea on how to accomplish, this or an alternative would be greatly
> appreciated. 
> 
> Thank you.
> 
> -- 
> Erich Zigler   
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message