On Mon, Sep 23, 2013 at 3:26 PM, Lists lists@benjamindsmith.com wrote:
Depending on how you interpret this statement, my documented process may present a (mild) improvement.
It has the backup account on the public server being a non-priviliged account only able to run a (tightly controlled) shell script which contains the sudo call. In this way, even if the backup account is compromised, it can't be used to "take down" the web server, only provide access to the data. Technically, the rsync command *is* being run as (sudo) root, but nothing else is, and the backup account has no ability to change the parameters of the rsync account.
Is there something that convinces you that sudo is better at handling the command restriction than sshd would be?