rsync Permission denied backing up a remote directory to my local machine
You cannot back up a file which you cannot read otherwise, so the permissions will have to be either changed or overriden by root.
Your options in more detail:
Override the permissions by rsync'ing as
[email protected]
directly. (-
...or by configuring sudo on the server to allow password-less running of the
rsync
server-side component.me ALL=(root) NOPASSWD: /usr/bin/rsync --server --sender -vlogDtprze.iLsf . /var/www/
and
rsync --rsh="ssh [email protected] sudo" -avz /var/www/ /backups/...
-
Create a dedicated "website-backup" account on the server. Change the files' permissions to make them readable to the "website-backup" account; you may use ACLs and
setfacl
for that. Do not use this account for anything else.rsync -avz [email protected]:/var/www/ /backups/sites/mysite/
-
Write a script on the server which would dump /var/www/ into an encrypted tarball. Again, this can be done as root (via crontab) or by configuring sudo to not require a password for that script. For example:
#!/bin/sh tar c /var/www/ | gpg -e -r [email protected]
Backup would be done by pulling the entire tarball every time, which might be inefficient with large sites:
ssh [email protected] "sudo /usr/sbin/dump-website" > /backups/sites/mysite.tar.gpg
The password requirement would be removed by editing sudoers:
me ALL=(root) NOPASSWD: /usr/sbin/dump-website
In the remote host you can run rsync daemon with
uid root
in the /etc/rsyncd.conf
file.
This will allow the daemon to use the CAP_DAC_OVERRIDE
capability and read the local file system without changing permissions/ownership.
If you need just to make a backup it's a good practice to set rsync to read only mode:
read only = true