Should I enable root account for rsync?

Solution 1:

  1. Create new, separate mybackup user accounts on the client and server
  2. Lock the passwords with sudo passwd -l mybackup for these accounts to prevent direct login
  3. Allow, via sudo, those new accounts to run a very specific /usr/bin/rsync --some-long-command /from/here /to/there command as root with NOPASSWD: in /etc/sudoers using sudo visudo
  4. Create new passwordless SSH keys for the local to the remote host using sudo -u mybackup ssh-keygen
  5. Add a job with sudo -u mybackup crontab -e on one end or the other to run the remote rsync using ssh and the keys as the transport

This way, the only command that can be run as root is the one that you have explicitly allowed, and the only remote user that can activate it is the holder of the other half of the installed SSH keypair, which, because it also has the password locked, can only be somebody with sudo access themselves or the crontab you set up.
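
The sudoers entry from step 3 only confines the account to one command if the rule pins the exact argument list. The following is an added example, not part of the original answer: a shell helper that renders such a rule for the mybackup account, escaping the characters sudoers(5) requires escaped in command arguments and refusing anything that would loosen the match. The rsync options, the paths and the host name server are constructed for illustration.

```shell
#!/bin/sh
# Added example: render an exact-match NOPASSWD rule for the backup account.
# Function names, rsync options, paths and host name are assumptions.

# Escape one argument for a sudoers command spec. sudoers(5) requires
# ',' ':' and '=' in command arguments to be backslash-escaped.
# Empty arguments and anything outside a conservative character set
# (whitespace, quotes, backslash, the wildcards * ? [ ]) are refused,
# so the resulting rule can only match one literal command line.
sudoers_escape_arg() {
    case $1 in
        ''|*[!A-Za-z0-9_./@+,:=-]*) return 1 ;;
    esac
    printf '%s' "$1" | sed 's/[,:=]/\\&/g'
}

# Print one sudoers line: USER may run exactly "CMD ARGS..." as root
# without a password. CMD must be an absolute path.
sudoers_rule() {
    user=$1 cmd=$2
    shift 2
    case $cmd in
        /*) ;;
        *) echo "command must be an absolute path: $cmd" >&2; return 1 ;;
    esac
    spec=$cmd
    # In sudoers, "" after the command means "no arguments permitted".
    [ "$#" -gt 0 ] || spec="$cmd \"\""
    for arg in "$@"; do
        esc=$(sudoers_escape_arg "$arg") || {
            echo "refusing argument: $arg" >&2
            return 1
        }
        spec="$spec $esc"
    done
    printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$spec"
}

# Constructed sample: the ':' and '=' are escaped in the output.
# Paste the printed line into /etc/sudoers with "sudo visudo" (step 3).
sudoers_rule mybackup /usr/bin/rsync -a --rsh=ssh \
    mybackup@server:/from/here/ /to/there/
```

With this rule in place, sudo rejects the same rsync binary called with any other option or path, which is what keeps the passwordless root grant narrow.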

Solution 2:

  1. You can edit /etc/sudoers to allow whatever user is running the command (or all users) to run it as root without a password (perhaps a bit dangerous with rsync).

  2. Can't you just run the whole command/script/whatever as root? I assume this is going to run via cron so just add a root job via:

    sudo crontab -e
    

    Note: you can do fairly complex things by wrapping your cron command in a bash -c "..." brace or just do it in a separate script. Assuming it's not setuid'd, if root runs it (through cron), it will run as root so that should solve your permission issue.

Solution 3:

You could (but should not) give the root user a password with

    sudo passwd root

Edit: Setuid bit does not work for scripts. Otherwise, you could use the setuid bit on the backup program.

    sudo chown root backup
    sudo chmod u+s backup

Maybe you even want to run the backup as a cron job?