How secure is rsync with no password sudo?

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
Post Reply
afora
Level 4
Level 4
Posts: 203
Joined: Mon Aug 26, 2019 7:35 pm

How secure is rsync with no password sudo?

Post by afora »

Hi guys,

I need to backup files with various attributes from a client to a server (both on LM19.3). One of the solutions which preserves their source attributes is to run rsync over ssh, something like that:

Code: Select all

rsync -a --rsync-path="sudo rsync" -e ssh /media/user1/source user2@server:/media/user2/destination/
However for this to work as expected, rsync needs also to be added to sudoer list as NOPASSWD on the server side:

Code: Select all

user2 ALL=NOPASSWD:/usr/bin/rsync
This setup makes backing up with attribute preservation work fine. But how secure it is to have a passwordless rsync on the server? Is it inviting problems? Or I'm thinking too much? Our main concern is unauthorised copying of sensitive data. Clearly if you can sudo rsync you can send any file from the server to an arbitrary internet location.

What are your thoughts?
Post Reply

Return to “Newbie Questions”