Nigel Jones wrote:
On Wed, 2008-08-27 at 21:52 -0700, Jesse Keating wrote:
On Wed, 2008-08-27 at 21:44 -0700, Jesse Keating wrote:
Comments?
One comment just made on IRC by G:
<G> f13: can't we allow masher to sudo to ftpsync and run a sync command?
G = $me :)
We would have to allow masher to sudo with no password in order to run the rsync command. I'm not sure how far we can narrow it down since the rsync source changes each day, only the dest (and other options) remain the same.
Why not something like:
sudo /usr/local/bin/rawhideftpsync.sh <random bit> that runs: rsync ...<normal path>.<random bit> ...
Just a thought.
You could configure sudoers to allow the masher user to only be able to execute whatever it sudo's as the ftpsync user:
masher hostname.domain.tld=(ftpsync) NOPASSWD: rsync $rsync_opts foo.<wildcardmatch-source> bar
Does that narrow it down sufficiently?
Kind regards,
Jeroen van Meeuwen -kanarip
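The two suggestions in this thread can be combined, shown here as an added example that is not code from any of the posters or from the Fedora infrastructure: sudoers allows only the wrapper script, and the wrapper validates the "<random bit>" itself. That matters because sudoers wildcards in command arguments match across word boundaries, so a `foo.*` pattern would also match extra rsync options. The source and destination paths, the rsync options and the 32-character limit are assumptions.

```shell
#!/bin/sh
# Sketch of /usr/local/bin/rawhideftpsync.sh (added example, not from the thread).
# Assumed sudoers entry; the script, not sudoers, validates the argument:
#   masher hostname.domain.tld=(ftpsync) NOPASSWD: /usr/local/bin/rawhideftpsync.sh
# Paths and rsync options below are placeholders, not the real layout.
SRC_BASE="/srv/mash/rawhide"      # assumed: "<normal path>" from the thread
DEST="/srv/ftp/rawhide/"          # assumed: fixed destination
RSYNC_OPTS="-a --delete"          # assumed: fixed options

# Accept only a short alphanumeric token for the "<random bit>": no slashes,
# dots, spaces or dashes, so it cannot turn into a different path or an option.
valid_suffix() {
    case "$1" in
        "" | *[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the rsync command line for one suffix, or fail without printing anything.
sync_command() {
    [ "$#" -eq 1 ] || return 1
    valid_suffix "$1" || return 1
    printf 'rsync %s -- %s.%s/ %s\n' "$RSYNC_OPTS" "$SRC_BASE" "$1" "$DEST"
}

# Dry run over constructed inputs; a real wrapper would exec the command
# instead of printing it.
for arg in "20080827" "20080827 --extra-opt" "../other" "-n"; do
    if cmd=$(sync_command "$arg"); then
        echo "allow: $cmd"
    else
        echo "deny:  $arg"
    fi
done
```

Only the first constructed input is allowed; the other three are denied before rsync would ever be invoked.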