I'm currently facing the following problem:
I set up rdiff-backup on a backup machine running Ubuntu and would like to be able to back up my production machine running CentOS. My setup looks as follows:
- backup user on both machines
- working ssh key (I am able to connect from the backup machine to my remote production machine)
- on the production server the backup user is limited to just executing the rdiff-backup command via authorized_keys:
    command="rdiff-backup --server --restrict-read-only /",from="{backup machine's IP}",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa [KEY HERE]
- my backup script on the backup machine runs the following command to initiate the backup:
    rdiff-backup --include-globbing-filelist "${INCLUDE_LIST}" --exclude '**' --remote-schema 'ssh -C %s sudo rdiff-backup --server' ${REMOTE_USER}@${REMOTE_HOST}::/ "${TARGET_DIR}"
- the backup user on the remote production server got a corresponding sudoers entry:
    backup ALL=(root) NOPASSWD: /usr/bin/rdiff-backup --server --restrict-read-only /
I hoped that I could limit the backup user as much as possible while keeping the 'read everything root privilege'. When I run my backup script I'm getting ListErrors:
    ListError etc/httpd/conf/.ssl/[...] [Errno 13] Permission denied: '/etc/httpd/conf/.ssl/[...]'
I don't quite understand why the backup user running all commands with sudo is not allowed to read some files. I would be so happy if somebody could point me in the right direction.
One thing I noticed: ssh <remote_host> 'sudo whoami' gives me the following error message: "sudo: sorry, you must have a tty to run sudo". I am not sure whether this is somehow related to the rdiff-backup problem.
Thanks a lot in advance!