rsync Permission denied backing up a remote directory to my local machine
Solution 1
You cannot back up a file which you cannot read otherwise, so the permissions will have to be either changed or overridden by root.
Your options in more detail:
Override the permissions by rsync'ing as [email protected] directly. (...or by configuring sudo on the server to allow password-less running of the rsync server-side component.)
me ALL=(root) NOPASSWD: /usr/bin/rsync --server --sender -vlogDtprze.iLsf . /var/www/
and
rsync --rsh="ssh [email protected] sudo" -avz /var/www/ /backups/...
Create a dedicated "website-backup" account on the server. Change the files' permissions to make them readable to the "website-backup" account; you may use ACLs and setfacl for that. Do not use this account for anything else.
rsync -avz [email protected]:/var/www/ /backups/sites/mysite/
Write a script on the server which would dump /var/www/ into an encrypted tarball. Again, this can be done as root (via crontab) or by configuring sudo to not require a password for that script. For example:
#!/bin/sh
tar c /var/www/ | gpg -e -r [email protected]
Backup would be done by pulling the entire tarball every time, which might be inefficient with large sites:
ssh [email protected] "sudo /usr/sbin/dump-website" > /backups/sites/mysite.tar.gpg
The password requirement would be removed by editing sudoers:
me ALL=(root) NOPASSWD: /usr/sbin/dump-website
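The sudoers rule in the first option is only as tight as its argument list: sudo matches listed arguments exactly, while a rule that names just /usr/bin/rsync lets the account run any rsync invocation as root. The following is an added example, not part of the answer above; it classifies NOPASSWD rsync rules on that basis, and the function names, verdict labels and the sample rules other than the answer's own are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify NOPASSWD rsync rules from sudoers-style input.
# Assumption: one command per rule line (no Cmnd_Alias, no comma lists).
#   PINNED   exact argument list with --server --sender and no wildcard
#   WRITABLE --server without --sender: the server side receives, so the
#            caller can write files as root
#   WILDCARD arguments contain '*', so they are not fixed
#   OPEN     no arguments listed: sudo accepts any rsync invocation

classify_rule() {
    rule=$1
    case "$rule" in
        \#*|'') echo SKIP; return ;;                 # comment or blank line
    esac
    case "$rule" in
        *NOPASSWD:*/rsync|*NOPASSWD:*/rsync\ *) ;;   # an rsync rule
        *) echo SKIP; return ;;
    esac
    args=${rule#*/rsync}                             # text after the binary path
    case "$args" in
        *\**)                echo WILDCARD ;;
        *--server*--sender*) echo PINNED ;;
        *--server*)          echo WRITABLE ;;
        *)                   echo OPEN ;;
    esac
}

# Reads rules on stdin, prints "verdict<TAB>rule", returns 1 if any
# rsync rule is not PINNED.
audit_rules() {
    bad=0
    while IFS= read -r line; do
        verdict=$(classify_rule "$line")
        [ "$verdict" = SKIP ] && continue
        printf '%s\t%s\n' "$verdict" "$line"
        [ "$verdict" = PINNED ] || bad=1
    done
    return "$bad"
}

# Constructed sample input; the first and last rules are the answer's own.
sample_rules() {
    cat <<'EOF'
me ALL=(root) NOPASSWD: /usr/bin/rsync --server --sender -vlogDtprze.iLsf . /var/www/
me ALL=(root) NOPASSWD: /usr/bin/rsync
me ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprze.iLsf . /var/www/
me ALL=(root) NOPASSWD: /usr/sbin/dump-website
EOF
}

sample_rules | audit_rules || echo "over-broad rsync rule found" >&2
```

visudo -c checks sudoers syntax only, so a scope check like this one complements it rather than replaces it.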
Solution 2
On the remote host you can run the rsync daemon with uid root in the /etc/rsyncd.conf file.
This will allow the daemon to use the CAP_DAC_OVERRIDE capability and read the local file system without changing permissions/ownership.
If you just need to make a backup, it's good practice to set rsync to read-only mode:
read only = true
Aspartame_Xu
Updated on September 18, 2022
Comments
-
Aspartame_Xu over 1 year
I'm getting the error mentioned in the title.
I found this similar question: Run rsync with root permission on remote machine. That doesn't answer my question.
I'm the admin on the remote server and I want to use rsync to back up files to my local box. Here's my rsync command:
$ rsync -avz [email protected]:/var/www/ /backups/Sites/MySite/
It mostly works. Login is via a keypair. I don't and can't use a password (EDIT: to login via SSH). Just a few files won't transfer due to permissions. I don't want to change those permissions.
Here's the error:
receiving file list ... done
rsync: send_files failed to open "/var/www/webapp/securestuff/install.php": Permission denied (13)
I do not want to change the permissions on that file. It (and others like it) should not be readable (except by root).
This has to run in a cron job and I prefer a simple one-line solution using only the rsync command. The next choice would be a shell script I can call from the cron job. In no case can I manually log into the remote machine and become root (because I'll be sleeping when this runs).
How can I use rsync to back it up to my local box?
-
Florenz Kley about 12 years
Can you please show us something like ssh [email protected] "cat /var/www/webapp/securestuff/install.php" >localfile ?
-
Aspartame_Xu about 12 years
@Florenz Kley: I don't understand your comment
-
Aspartame_Xu about 12 years
@Florenz Kley: ssh [email protected] "echo mypassword | sudo -S cat /var/www/webapp/securestuff/install.php" > localfile
-
Bob Stein about 5 years
I got rsync: send_files failed to open "/cygdrive/...": Permission denied (13). So my source computer was Windows cygwin. Slightly different situation, but for posterity, my solution was to right-click cmd.exe and Run as administrator.
-
Aspartame_Xu about 12 years
There are ways to give rsync root access. I just don't know them. What I'm asking for is how to give rsync root access to back up these files. Maybe I need to revisit the answer to "Run rsync with root permission on remote machine" and see if I can figure it out...
-
Aspartame_Xu about 12 years
Thanks. Good suggestions. Either one will probably work for me. I'm also considering using the solution at superuser.com/questions/270911/… if I can figure out its potential side effects.
-
Aspartame_Xu about 12 years
BTW, I meant either of the last 2 choices. Logging in as root via SSH is not allowed on the server.
-
user1686 about 12 years
@MountainX: I separated out "rsync via sudo" as a separate choice. It might work as well.
-
Aspartame_Xu about 12 years
Thanks! "rsync via sudo" would be my preferred choice. I will try your suggestion. It looks like I need to implement this using visudo on Ubuntu on the server. I haven't messed with visudo much, but you've given me enough to get me started. Thanks again.