Results 1 to 3 of 3
I want to create a special user that will run a script that creates a backup of the /etc directory using rsync. In order to let this user read all ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 08-22-2012 #1
Read only access via /etc/sudoers?
I want to create a special user that will run a script that creates a backup of the /etc directory using rsync.
In order to let this user read all of /etc, it needs to have some kind of sudo privilege.
If I make an entry in the sudoers file letting the user execute rsync within the /etc directory, then this user can also write to the /etc directory with rsync, which is not good.
Is it possible to give a user read-only access to a directory using the sudoers file? I saw a solution which restricts the user to use only /bin/cat, but I want to use rsync to make the backups.
- 08-22-2012 #2
This could be done by configuring and running rsync as a daemon.
You would start it with root privileges, hence rsyncd has potentially full access to everywhere.
Then you define a module for the path /etc.
That module would be restricted to read only by configuration.
It will also allow access for "special user".
But imho, there are better ways than this:
If I interpret your post correctly, then your goal is to have a script for systemconfigbackup,
but you want a safeguard against accidentally overwritting /etc. Is that correct?
If yes, then
1) you might want to try one of the well established backup suites like amanda or bacula.
2) and/or use a config management tool like puppet
bacula if a mere backup is enough, and puppet if you want to control and maintain your machines in a programmatical way.You must always face the curtain with a bow.
- 08-24-2012 #3
- Join Date
- Oct 2006
For something like that I would just use acls.
Essentially you would use setfacl to set that particular user to have 400 /etc.
You might have to enable the acl mount option depending on the version / distro you are running.