Date:      Mon, 10 Dec 2001 11:22:14 -0800
From:      Marcus Reid <marcus@blazingdot.com>
To:        Marc Rassbach <marc@milestonerdl.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Rsync, ssh and using root.
Message-ID:  <20011210112214.B82934@blazingdot.com>
In-Reply-To: <Pine.BSF.4.21.0112101218390.1117-100000@tandem.milestonerdl.com>; from marc@milestonerdl.com on Mon, Dec 10, 2001 at 12:33:25PM -0600
References:  <Pine.BSF.4.21.0112101218390.1117-100000@tandem.milestonerdl.com>

On Mon, Dec 10, 2001 at 12:33:25PM -0600, Marc Rassbach wrote:
>  
> I know that using remote root login is considered bad behavior, but 
> my job is implementation, not judgement of security.  This is what the
> client wants...put a hole in the default FreeBSD security.

Darn those clients..

> The client in the old days had a 3.5 box (2 of them) and used a
> combination of rsync, rsync in daemon mode, and ssh to allow root to move
> data between both machines.  
>  
> What was done under 3.5 (remote keys, etc la) no longer works on 4.4.
> On 4.X, it seems to fail after authentication, and I have spent 20+ hours
> reading man pages, and the mail list and can't find a good work around.  
> (I have resisted looking at the source because I do not feel it is a bug,
> nor do I wish to patch code to make this work)
>  
> What I am looking for is a way to have root-level privileges for 
> reading/writing files between servers as the lo-tech solution they want 
> for the 'server backup' is moving files once a day.

You could do better without much additional effort. Give the operator
user a home directory, make a dsa keypair for it, and use 'dump' across
the network as operator (with ssh.) You can always add 'restore' to the
pipeline if you need the files to be loose on the machine that's making
the backups. No use going all the way to root if operator can get its
hands on all of the data.

Marcus

>  
> Guidance as to how to do this with rsync (break security) or some other
> method that does not break security is welcome.

-- 
Marcus L. Reid

Public Key ID DA2C3C46
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Benjamin Franklin, 1759

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011210112214.B82934>
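
The operator-over-ssh backup suggested in the reply above, as an added example that is not part of the original message: the backup key is pinned to one forced `dump` command in operator's `authorized_keys`, so it cannot be used for a shell or forwarding. The addresses, paths, function names and key string are constructed placeholders, and the sample key is shown as ed25519 rather than the DSA type named in the message because current OpenSSH does not accept DSA keys by default.

```shell
#!/bin/sh
# Added example (not from the original message). All hosts, paths and the
# key below are constructed placeholders.

# Accept only absolute paths made of safe characters, so the filesystem name
# cannot break out of the quoted command="..." option.
valid_fs() {
    case "$1" in
        /*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *[!A-Za-z0-9/_.-]*) return 1 ;;
    esac
    return 0
}

# Build the line for ~operator/.ssh/authorized_keys on the machine being
# backed up.  $1 = address of the backup server, $2 = filesystem to dump,
# $3 = operator's public key.
authorized_keys_entry() {
    valid_fs "$2" || return 1
    printf 'from="%s",command="/sbin/dump -0af - %s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$1" "$2" "$3"
}

# Run on the backup server.  $1 = private key file, $2 = source host,
# $3 = output file.  The forced command replaces whatever is requested, so
# "true" is only a placeholder.  To have the files loose instead of a dump
# image, pipe the ssh output into "restore -rf -" in the target directory.
pull_dump() {
    ssh -i "$1" -o BatchMode=yes -o IdentitiesOnly=yes "operator@$2" true > "$3"
}

# Constructed sample: print the entry for a backup server at 192.0.2.10.
SAMPLE_KEY='ssh-ed25519 AAAAC3CONSTRUCTEDPLACEHOLDER operator-backup'
authorized_keys_entry 192.0.2.10 /usr "$SAMPLE_KEY"
```
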