[clue] Rsync and root

marcus hall marcus at tuells.org
Fri Nov 4 09:12:50 MDT 2011 

On Thu, Nov 3, 2011 at 7:51 PM, Jason Friedman <jason at powerpull.net> wrote:

> I am wanting to synchronize two filesystems, probably with rsync, and
...
> For root to connect to another host as root, absent someone typing a
> password, SSH keys could be exchanged, or one can use RSH and .rhosts
> (unencrypted).
> If my organization discourages the use of RSH and discourages the use
> of exchanging root's keys (but accepts the exchanging of non-root
> keys), what are my options?

On Thu, Nov 03, 2011 at 08:31:08PM -0600, Will wrote:
> Use single purpose SSH keys, connect as a non-root user with an autharized
> key.  When that key is used it runs sudo and starts rsync as root.

Of course, exchanging keys of a non-root user that can sudo rsync is
essentially the same thing as exchanging keys of root, so this is getting
around the letter of the policy while violating the spirit of the policy.

What you need to do is to restrict the scope of what rsync can overwrite,
perhaps building a chroot environment or something, and restricting the
ssh user to only be able to execute the command to get into the environment
(which may invlove sudo along the way).  Also, I think you can restrict
the connection to be from the appropriate client system as well..  These
are all good to prevent spread of a compromise.

Without such restrictions, if the public key of the client system (the
one that initiates the connection) is compromised, then someone could
use the root-priviledged rsync could overwrite any file on the server
that they desired...

If the contents of the directory can be changed on either machine, then
the problem of keeping them in sync is more problematic.  Rsync can take
a whack at it (check out the -u option to update only if the file is
newer), but it fails to properly handle conflicts and deletions.  A better
tool for this is unison, which is designed to handle this.  If you are
keeping a backup, then rdiff-backup is based on librsync, but does other
things useful for backup, like maintaining previous versions, etc.

marcus hall
marcus at tuells.org

More information about the clue mailing list