Is it safe to upgrade to rsync 3 ? Will WHM/Cpanel work with rsync 3 ?

[driverC]

I am trying to create a remote backup of /backup/cpbackup/daily using rsync.

My plan was to execute the rsync command, enter the password manually, then disown the process and move it to the background and let it run until it finishes. However, I found that after a few minutes the command fails with a memory error because the amount of files is too large for rsync to handle.

So I read a bit and found that rsync 3 would offer an incremental file list creation to solve this problem. However, rsync 3 is not installed on my system. Now I could upgrade manually but will that break anything in the system or will it be incompatible with Cpanel ? I mean if there were no problems with rsync 3 then it would be installed by default. However, my brand new Centos 5.5 and RHEL 5 servers both came with rsync 2. What's the reason for that ? Is rsync 3 really safe and will it work with WHM/Cpanel ?

Now I could copy the directories one by one. The problem obviously is that this would require me to enter the password 450 times whenever I update the backup. So I was using the password ENV and the password file option of rsync 2. However, this didn't work. I was still asked for a password.

I read somewhere I could also use ssh auth keys to get rsync not to ask for a password but this would mean I'd have to store the private key on the server which is kind of insecure if the server gets hacked. In this case the hacker might gain access to the remote backup but that makes the remote backup useless because that is exactly what it is for (to provide a second copy if a hacker manipulates the primary backup).

I am kind of lost here now. If upgrading to rsync 3 is an option then this may be the way to go. I just don't know if it's safe and recommended and if it will work with Cpanel/WHM. Does anybody know ?

[cPanelTristan]

You could try upgrading to rsync 3, then put rsync into the /etc/yum.conf exclude line by listing it as rsync* in that line. cPanel/WHM does not determine the rsync version, your operating system does. The question on the security and stability would have to be directed to RedHat or CentOS, since they are the ones making that decision.

It isn't going to break cPanel to update rsync, since the only possible areas that might use it would be backups and transfers. Backups only use remote FTP for an off server copying method. I do believe rsync might be used with the one experimental feature for hard links in the WHM > Backups > Configure Backup area, but that feature hasn't been pushed out of being considered experimental.

[brianoz]

I read somewhere I could also use ssh auth keys to get rsync not to ask for a password but this would mean I'd have to store the private key on the server which is kind of insecure if the server gets hacked. In this case the hacker might gain access to the remote backup but that makes the remote backup useless because that is exactly what it is for (to provide a second copy if a hacker manipulates the primary backup).

Aside from Tristan's comments, I don't think cpanel uses rsync much.

To use ssh safely you can use the "command=" syntax in the remote ssh config files to restrict the commands that can run as a result of a connection. Additionally you could ssh in as a non-root user and run a shell script that runs rsync as root via sudo, if you're really paranoid. The other good option would be to restrict connections to that ssh to be only accepted from certain IPs.

If you do that, they couldn't easily gain access to the remote system. They *could* potentially wipe out the backup though, although you could probably work out some ways to restrict the ability to totally erase the remote backup.