On Mon, Sep 23, 2013 at 3:26 PM, Lists <lists@xxxxxxxxxxxxxxxxxx> wrote:
> >
> Depending on how you interpret this statement, my documented process may
> present a (mild) improvement.
>
> It has the backup account on the public server being a non-priviliged
> account only able to run a (tightly controlled) shell script which
> contains the sudo call. In this way, even if the backup account is
> compromised, it can't be used to "take down" the web server, only
> provide access to the data. Technically, the rsync command *is* being
> run as (sudo) root, but nothing else is, and the backup account has no
> ability to change the parameters of the rsync account.
Is there something that convinces you that sudo is better at handling
the command restriction than sshd would be?
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
