On 09/23/2013 01:02 PM, m.roth at 5-cent.us wrote: > It does have to > run as root, though, on both, to preserve ownership of home and project > directories, etc. Depending on how you interpret this statement, my documented process may present a (mild) improvement. It has the backup account on the public server being a non-priviliged account only able to run a (tightly controlled) shell script which contains the sudo call. In this way, even if the backup account is compromised, it can't be used to "take down" the web server, only provide access to the data. Technically, the rsync command *is* being run as (sudo) root, but nothing else is, and the backup account has no ability to change the parameters of the rsync account.