rsync Permission denied backing up a remote directory to my local machine

rsync file-permissions

84,645

Solution 1

You cannot back up a file which you cannot read otherwise, so the permissions will have to be either changed or overriden by root.

Your options in more detail:

Override the permissions by rsync'ing as [email protected] directly. (

...or by configuring sudo on the server to allow password-less running of the rsync server-side component.

me    ALL=(root) NOPASSWD: /usr/bin/rsync --server --sender -vlogDtprze.iLsf . /var/www/

and

rsync --rsh="ssh [email protected] sudo" -avz /var/www/ /backups/...

Create a dedicated "website-backup" account on the server. Change the files' permissions to make them readable to the "website-backup" account; you may use ACLs and setfacl for that. Do not use this account for anything else.
```
rsync -avz [email protected]:/var/www/ /backups/sites/mysite/
```
Write a script on the server which would dump /var/www/ into an encrypted tarball. Again, this can be done as root (via crontab) or by configuring sudo to not require a password for that script. For example:
```
#!/bin/sh
tar c /var/www/ | gpg -e -r [email protected]
```
Backup would be done by pulling the entire tarball every time, which might be inefficient with large sites:
```
ssh [email protected] "sudo /usr/sbin/dump-website" > /backups/sites/mysite.tar.gpg
```
The password requirement would be removed by editing sudoers:
```
me     ALL=(root) NOPASSWD: /usr/sbin/dump-website
```

Solution 2

In the remote host you can run rsync daemon with

uid root

in the /etc/rsyncd.conf file.

This will allow the daemon to use the CAP_DAC_OVERRIDE capability and read the local file system without changing permissions/ownership.

If you need just to make a backup it's a good practice to set rsync to read only mode:

read only = true

84,645

Aspartame_Xu

Updated on September 18, 2022

Comments

Aspartame_Xu over 1 year
I'm getting the error mentioned in the title.

I found this similar question: Run rsync with root permission on remote machine. That doesn't answer my question.

I'm the admin on the remote server and I want to use rsync to back up files to my local box. Here's my rsync command:
```
$ rsync -avz [email protected]:/var/www/ /backups/Sites/MySite/
```
It mostly works. Login is via a keypair. I don't and can't use a password (EDIT: to login via SSH). Just a few files won't transfer due to permissions. I don't want to change those permissions.

Here's the error:
```
receiving file list ... done
rsync: send_files failed to open "/var/www/webapp/securestuff/install.php": Permission denied (13)
```
I do not want to change the permissions on that file. It (and others like it) should not be readable (except by root).

This has to run in a cron job and I prefer a simple one-line solution using only the rsync command. The next choice would be a shell script I can call from the cron job. In no case can I manually log into the remote machine and become root (because I'll be sleeping when this runs.

How can I use rsync to back it up to my local box?
- Florenz Kley about 12 years
  
  can you please show us something like ssh [email protected] "cat /var/www/webapp/securestuff/install.php" >localfile ?
- Aspartame_Xu about 12 years
  
  @Florenz Kley: I don't understand your comment
- Aspartame_Xu about 12 years
  
  @Florenz Kley: ssh [email protected] "echo mypassword | sudo -S cat /var/www/webapp/securestuff/install.php" > localfile
- Bob Stein about 5 years
  
  I got rsync: send_files failed to open "/cygdrive/...": Permission denied (13). So my source computer was Windows cygwin. Slightly different situation, but for posterity, my solution was to right-click cmd.exe and Run as administrator.
Aspartame_Xu about 12 years

There are ways to give rsync root access. I just don't know them. What I'm asking for is how to give rsync root access to back up these files. Maybe I need to revisit the answer to "Run rsync with root permission on remote machine" and see if I can figure it out...
Aspartame_Xu about 12 years

Thanks. Good suggestions. Either one will probably work for me. I'm also considering using the solution at superuser.com/questions/270911/… if I can figure out its potential side effects.
Aspartame_Xu about 12 years

BTW, I meant either of the last 2 choices. Logging in as root via SSH is not allowed on the server.
user1686 about 12 years

@MountainX: I separated out "rsync via sudo" as a separate choice. It might work as well.
Aspartame_Xu about 12 years

Thanks! "rsync via sudo" would be my preferred choice. I will try your suggestion. It looks like I need to implement this using visudo on Ubuntu on the server. I haven't messed with visudo much, but you've given me enough to get me started. Thanks again.