On Fri, Feb 08, 2008 at 08:48:30PM +0100, Matt wrote:

quoted text
> Alexander Hall schreef:

> >Marti Martinez wrote:

> >>Do the rsync over SSH -- unless you don't allow root ssh access?

> >

> >I think that was the "solution" Matt tried to avoid. I suppose he does

> >not seem confident with (automated) root access/logins from other boxes.

> >

> I'd like to avoid root access as OpenBSD disables it by default for a

> good reason. But so far it seems the most maintainable solution.

> I was just wondering what other people (specifically those using CARP

> fail-over setups) use,

> but I guess the obvious answer is rsync over ssh.

You could, with some work, do it differently.  On the source box, make a

tarball of what you want on the destination box.  This preserves the

ownership of the files.  Rsync this over as whatever user.  Have a

process on the target box, running as root, extract the tarball into

place.
Since you don't want root access, you probably want some means of

verifying on the target that the tarball is authentic.  You could use

OpenSSL enc to encrypt a file containing the MD5 (or the whole tarbarll

could be encrypted) symetrically with a common password known to both

the source and target boxes.
Doug.