I use RSync to back up my Linux-based hosted servers to a remote location. I used to run RSync creating a SSH tunnel to copy the data. That was back in the “RedHat” day when it was acceptable to log into SSH via the root account. Now a days, I establish my SSH connections as a standard user. However, the standard user doesn't (and shouldn't) have access to read all of the files for backup. So My solution is to install a RSync daemon listening on localhost (127.0.0.1) and configured for read-only ??? and then using SSH as a standard user to establish the tunnel to that port via SSH.
sudo apt-get install rsync cat > /tmp/rsyncd.conf << EOF max connections = 1 log file = /var/log/rsync.log timeout = 300 [root] path = / read only = yes uid = nobody gid = nogroup list = yes hosts allow = 127.0.0.1/32 EOF sudo mv /tmp/rsyncd.conf /etc/rsyncd.conf cat > /tmp/rsync << EOF RSYNC_ENABLE=true RSYNC_NICE='10' RSYNC_IONICE='-c3' EOF sudo mv /tmp/rsync /etc/default/rsync sudo /etc/init.d/rsync restart
Once that is setup, backups are as easy as:
/usr/bin/ssh -T -L 873:127.0.0.1:873 server /bin/rsync.exe -rltDhz --progress --ignore-errors --delete --delete-excluded --modify-window=2 --exclude '/proc' --exclude '/dev' --exclude '/srv' 127.0.0.1::root /backup/server/