Subject: Re: PermitRootLogin in SSHd (WAS: Re: Telnet logins)
To: None <rmcm@compsoft.com.au>
From: Curt Sampson <cjs@cynic.net>
List: port-i386
Date: 08/23/2001 09:58:00
On Thu, 23 Aug 2001 rmcm@compsoft.com.au wrote:

> how about;
>
>    rsync -a -e ssh --rsync-path=/usr/local/etc/rsync-sudo /localdir/ \
>          user@remotehost:/remotedir/
>
> where  /usr/local/etc/rsync-sudo is
>
>         #!/bin/sh
>         # pass every argument through unchanged; "$@" keeps arguments with spaces intact
>         sudo /usr/pkg/bin/rsync "$@"

The whole point of the "needs to be in the wheel group" system is that
having a single password or key does not give you root access. If you
get the root password, you still do not have root access until you
can get on to the machine as a user authorized to su. (Or until you get
to a secure terminal.) If you have access to the machine as that user,
you still need the root password.

It appears to me that with this method, the "sudo /usr/pkg/bin/rsync"
has no way of prompting the user for the root password (since it's the
rsync protocol that's talking to the remote machine, not the "user
himself", as it were) and so it must have been configured such that the
particular user needs no password to sudo. This leaves you in a position
where an attacker needs only a single password or key to gain root access
to the system. That's what I was trying to avoid in the first place.

(As Todd Vierling pointed out, the method above blows away the security
provided by sudo, because it gives you permission to overwrite the sudo
config file.  If you are going to go this route, you might as well take
the easier route suggested by tv, and just allow direct root logins with a
separate key for each individual. Then you don't need to muck about with
sudo. You still have the problem of having only single authentication
rather than double authentication, but I really don't see any way around
that that lets you keep the convenience of doing rsh-type actions from
another machine.)

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 3 5778 0123   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC
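The two alternatives discussed in the message above, as an added example that is not part of the original thread: a helper that assembles root's authorized_keys from one public-key file per person (the "separate key for each individual" route), the matching sshd_config directive, and a check that flags the NOPASSWD sudoers rule the rsync-sudo wrapper would need. The directory layout (keys/<username>.pub), the function names and the sample files written by the usage call are all assumptions; nothing here writes to /etc or /root unless you point it there.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds an authorized_keys file for
# root from one public-key file per person so that each individual's key can
# be audited and revoked on its own, and checks a sudoers file for the
# passwordless rule that the rsync-sudo wrapper in the thread relies on.

# Emit a sanity-checked authorized_keys file on stdout.
#   $1: directory holding <username>.pub files (assumed layout)
build_root_authorized_keys() {
    keydir=$1
    for f in "$keydir"/*.pub; do
        [ -f "$f" ] || continue
        user=$(basename "$f" .pub)
        # exactly one key per file: a second line would be a second identity
        # hiding behind one person's name
        if [ "$(grep -c . "$f")" -ne 1 ]; then
            echo "skipping $f: expected exactly one key line" >&2
            continue
        fi
        key=$(cat "$f")
        case "$key" in
            ssh-*|ecdsa-*) ;;   # public-key types we accept
            *) echo "skipping $f: not an ssh public key" >&2; continue ;;
        esac
        # the comment line ties the key to a person for later revocation
        printf '# root key for %s\n%s\n' "$user" "$key"
    done
}

# Number of key lines in an authorized_keys file (comments excluded).
count_keys() {
    grep -c '^ssh-\|^ecdsa-' "$1"
}

# sshd_config fragment for key-only root logins. "without-password" is the
# keyword of the era; current OpenSSH spells the same setting prohibit-password.
sshd_config_fragment() {
    cat <<'EOF'
PermitRootLogin without-password
PasswordAuthentication no
EOF
}

# The sudo route needs a rule such as
#   user ALL=(root) NOPASSWD: /usr/pkg/bin/rsync
# Any such rule is worth flagging: rsync running as root can write any file,
# including the sudoers file itself, so limiting it to one binary restricts
# nothing. Prints matching lines with line numbers; prints nothing if clean.
#   $1: path to a sudoers file
find_nopasswd_rules() {
    grep -n 'NOPASSWD' "$1" || true
}

# Usage with constructed sample input (only when run directly, not when sourced).
if [ "${0##*/}" = "root-keys.sh" ]; then
    work=$(mktemp -d)
    printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA alice@example\n' > "$work/alice.pub"
    printf 'not a key at all\n' > "$work/bob.pub"
    build_root_authorized_keys "$work" > "$work/authorized_keys"
    printf 'alice ALL=(root) NOPASSWD: /usr/pkg/bin/rsync\n' > "$work/sudoers"
    echo "keys installed: $(count_keys "$work/authorized_keys")"
    find_nopasswd_rules "$work/sudoers"
    sshd_config_fragment
    rm -rf "$work"
fi
```

Run it as root-keys.sh to see the constructed alice key accepted, the malformed bob file skipped with a warning, and the sample sudoers line flagged. Note that the check only finds the rule; it does not remove the underlying problem that any root-level file write (rsync, or a root login key) is a single-factor path to root, which is the trade-off the message describes.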