Run as cronjob in the background
Ok, so you have a few options here.
The ones above are pretty good when it comes to rsync as a normal user with sudo permissions on (both) other side(s).
I had this same problem, the only difference was that I wanted to run this as a cronjob at night.
Step 1
I work with ssh-keys (this makes it possible to login to a remote host without password authentication while still being very secure!!)
- Create a ssh-key on your source computer (server) with the following command:
ssh-keygen
You will be prompted a few options, just press enter every time (do not (enter) set a password!!).
This command creates 2 different keys.
1. An id_rsa_pub key: this key needs to be copied to the remote (destination server) host.
2. An id_rsa: this is a private key and you do not want to mess with this key. Make sure no one can see this key (read permissions). Only you should have the right to see this key.
Step 2
- The moment you have generated the keys, it is time to copy the id_rsa_pub key to the remote computer (server). You can do this with the following command:
ssh-copy-id user@remoteserver.example
You will be prompted to fill in your password for default ssh access. Just enter your password and the ssh-copy-id command will do the rest for you.
Time to test
- Now, ssh into the remote server (the destination you used with the ssh-copy-id command).
You can consider the test successful if you do not get to see a prompt to enter a password.
Now you can do rsync commands to a remote host without having to fill in a password all the time! Also you can autocomplete on the destination host from within your source host. That is pretty neat if you ask me (example ssh 192.168.1.100: "press two time the tab button to autocomplete the rest of the command. Note that the ip address 192.168.1.100 is the ip address of the destination server).
Now you can do a rsync command from a cronjob with a normal "sudo" user (no need for root access on both servers for ssh for using user root).
Just do the same as described above, but add one option:
sudo rsync --rsync-path="sudo rsync" -az --delete -e "ssh -p 1022 -l **buser** -i /home/**buser**/.ssh/id_rsa" /path/to/rsync user@destinationserver.example:
Note that buser (BackupUSER, is my user who uses the ssh-key to login through ssh without being prompted for a password). Change buser to your username who uses the ssh-key login method.
Note the last character in the command ends with a ":"
This means that you are copying files to the home folder of the remote user. If you want to deviate to another location outside your home directory, you can achieve this by adding the absolute path after the ":" For example:
sudo rsync --rsync-path="sudo rsync" -az --delete -e "ssh -p 1022 -l **buser** -i /home/**buser**/.ssh/id_rsa" /path/to/rsync user@destinationserver.example:/srv/backup_folder
Explaining the option "ssh -p 1022 -l username -i /home/username/.ssh/id_rsa"
ssh -p 1022 ssh uses the default port 22. I deviate from the default port because my ssh-server listens to port 1022.
-l username the user defined who can login to the remote host with the ssh-key authentication method. In my case, this is the user BUSER.
-i (stands for Identity) uses the private key which we created with the ssh-keygen command. It points to where this key is stored. The default location is in the users home folder in a hidden directory called ssh (/home/username/.ssh/id_rsa).
I hope this will help other users to automate their backup through cron in a secure matter.
Double check
From the source machine (server), make sure you execute your command (script) as the ROOT user (if you make a cronjob, you have to make sure that you are the user root (#) when creating the cronjob)
Make sure the user on the destination server has sudo rights.
Make sure you have done the visudo as Keith describes in his answer!
It's much better to check the answer on the same question on Unix SE http://unix.stackexchange.com/questions/92123/rsync-all-files-of-remote-machine-over-ssh-without-root-user/92397#92397.
– ndemou – 2017-01-17T16:51:59.993Can you not change the permissions on the remote folder so that your user has write access to it? – Phil – 2011-04-14T19:34:48.917
1Unfortunately that isn't an option. – Peter – 2011-04-15T08:11:20.690