This is the solution I came up with:

rsync -R -avz -e ssh --rsync-path="echo mypassword | sudo -S  mkdir -p /remote/lovely/folder && sudo rsync" /home/ubuntu/my/lovely/folder ubuntu@x.x.x.x:/remote/lovely/folder --delete

Bit of a mission!

Try this solution. In your sudoers file (/etc/sudoers) setup your user like this:

username ALL= NOPASSWD:/usr/bin/rsync

the NOPASSWD:/usr/bin/rsync tells sudo that when your user runs /usr/bin/rsync or just rsync that no password is needed.

Then your original --rsync-path="sudo rsync" should work.

Another method is to get around the permissions restrictions by initiating rsync on the remote machine. Instead of:

rsync /home/ubuntu/my/lovely/folder ubuntu@x.x.x.x:/remote/lovely/folder

You can do:

ssh ubuntu@x.x.x.x 'rsync ubuntu@y.y.y.y:/home/ubuntu/my/lovely/folder /remote/lovely/folder'

Where y.y.y.y is your local machine's IP address. This only works if your local machine can act as an SSH server.

Here is what worked for me, considering that I want to keep password authentication (so I don't want to use NOPASSWD or keys) - on Ubuntu 14.04:

• "Open up" sudo on remote machine by disabling tty_tickets through a temporary file in /etc/sudoers.d/ (which should be supported on Debian, see /etc/sudoers.d/README), and "Update the user's cached credentials", which "extends the sudo timeout for another 15 minutes"
• Run the rsync with sudo as shown in other answers
• "Close down" sudo on remote machine by removing the temporary file in /etc/sudoers.d/, which re-enables tty_tickets

... or, with command lines:

ssh -t $REMOTEPC 'echo "Defaults !tty_tickets" | sudo tee /etc/sudoers.d/temp; sudo -v'
rsync -aP -e 'ssh' '--rsync-path=sudo rsync' /etc/pulse/client.conf $REMOTEPC:/etc/pulse/client-copy.conf
ssh -t $REMOTEPC 'sudo rm -v /etc/sudoers.d/temp; sudo -v'

These are the responses I get when running these commands on the local machine:

$ ssh -t $REMOTEPC 'echo "Defaults !tty_tickets" | sudo tee /etc/sudoers.d/temp; sudo -v'
remoteuser@$REMOTEPC's password: 
[sudo] password for remoteuser: 
Defaults !tty_tickets
Connection to $REMOTEPC closed.

$ rsync -aP -e 'ssh' '--rsync-path=sudo rsync' /etc/pulse/client.conf $REMOTEPC:/etc/pulse/client-copy.conf
remoteuser@$REMOTEPC's password: 
sending incremental file list
client.conf
           1269 100%    0.00kB/s    0:00:00 (xfr#1, to-chk=0/1)

$ ssh -t $REMOTEPC 'sudo rm -v /etc/sudoers.d/temp; sudo -v'
remoteuser@$REMOTEPC's password: 
removed ‘/etc/sudoers.d/temp’
[sudo] password for remoteuser: 
Connection to $REMOTEPC closed.

Note that sudo -v should be ran after each time files in /etc/sudoers.d/, so the changes therein are accepted.

My workuround is to add --rsync-path="echo PASSWORD | sudo -Sv && sudo rsync"

example:

rsync -avz -e ssh /home/ubuntu/my/lovely/folder ubuntu@x.x.x.x:/remote/lovely/folder --delete --rsync-path="echo <PASSWORD> | sudo -Sv && sudo rsync"

It usually isn't a good idea to put passwords into a command line one-liner; they become visible in the process tree, for example. I sometimes replace the actual password in this type of statement with $( cat my_password.txt ) which is slightly better

rsync -avz -e ssh /home/ubuntu/my/lovely/folder ubuntu@x.x.x.x:/remote/lovely/folder --delete --rsync-path="cat my_password.txt | sudo -Sv && sudo rsync"

Run as cronjob in the background

Ok, so you have a few options here.

The ones above are pretty good when it comes to rsync as a normal user with sudo permissions on (both) other side(s).

I had this same problem, the only difference was that I wanted to run this as a cronjob at night.

Step 1

I work with ssh-keys (this makes it possible to login to a remote host without password authentication while still being very secure!!)

1. Create a ssh-key on your source computer (server) with the following command:

ssh-keygen

You will be prompted a few options, just press enter every time (do not (enter) set a password!!).

This command creates 2 different keys. 1. An id_rsa_pub key: this key needs to be copied to the remote (destination server) host. 2. An id_rsa: this is a private key and you do not want to mess with this key. Make sure no one can see this key (read permissions). Only you should have the right to see this key.

Step 2

2. The moment you have generated the keys, it is time to copy the id_rsa_pub key to the remote computer (server). You can do this with the following command:

ssh-copy-id user@remoteserver.example

You will be prompted to fill in your password for default ssh access. Just enter your password and the ssh-copy-id command will do the rest for you.

Time to test

3. Now, ssh into the remote server (the destination you used with the ssh-copy-id command).

You can consider the test successful if you do not get to see a prompt to enter a password.

Now you can do rsync commands to a remote host without having to fill in a password all the time! Also you can autocomplete on the destination host from within your source host. That is pretty neat if you ask me (example ssh 192.168.1.100: "press two time the tab button to autocomplete the rest of the command. Note that the ip address 192.168.1.100 is the ip address of the destination server).

Now you can do a rsync command from a cronjob with a normal "sudo" user (no need for root access on both servers for ssh for using user root).

Just do the same as described above, but add one option:

sudo rsync --rsync-path="sudo rsync" -az --delete -e "ssh -p 1022 -l **buser** -i /home/**buser**/.ssh/id_rsa" /path/to/rsync user@destinationserver.example:

Note that buser (BackupUSER, is my user who uses the ssh-key to login through ssh without being prompted for a password). Change buser to your username who uses the ssh-key login method.

Note the last character in the command ends with a ":" This means that you are copying files to the home folder of the remote user. If you want to deviate to another location outside your home directory, you can achieve this by adding the absolute path after the ":" For example:

sudo rsync --rsync-path="sudo rsync" -az --delete -e "ssh -p 1022 -l **buser** -i /home/**buser**/.ssh/id_rsa" /path/to/rsync user@destinationserver.example:/srv/backup_folder

Explaining the option "ssh -p 1022 -l username -i /home/username/.ssh/id_rsa"

ssh -p 1022 ssh uses the default port 22. I deviate from the default port because my ssh-server listens to port 1022.

-l username the user defined who can login to the remote host with the ssh-key authentication method. In my case, this is the user BUSER.

-i (stands for Identity) uses the private key which we created with the ssh-keygen command. It points to where this key is stored. The default location is in the users home folder in a hidden directory called ssh (/home/username/.ssh/id_rsa).

I hope this will help other users to automate their backup through cron in a secure matter.

Double check

From the source machine (server), make sure you execute your command (script) as the ROOT user (if you make a cronjob, you have to make sure that you are the user root (#) when creating the cronjob)

Make sure the user on the destination server has sudo rights.

Make sure you have done the visudo as Keith describes in his answer!