rsync Permission denied backing up a remote directory to my local machine

You cannot back up a file which you cannot read otherwise, so the permissions will have to be either changed or overriden by root.

Your options in more detail:

• Override the permissions by rsync'ing as [email protected] directly. (

• ...or by configuring sudo on the server to allow password-less running of the rsync server-side component.

  me    ALL=(root) NOPASSWD: /usr/bin/rsync --server --sender -vlogDtprze.iLsf . /var/www/
  

  and

  rsync --rsh="ssh [email protected] sudo" -avz /var/www/ /backups/...
  

• Create a dedicated "website-backup" account on the server. Change the files' permissions to make them readable to the "website-backup" account; you may use ACLs and setfacl for that. Do not use this account for anything else.

  rsync -avz [email protected]:/var/www/ /backups/sites/mysite/
  

• Write a script on the server which would dump /var/www/ into an encrypted tarball. Again, this can be done as root (via crontab) or by configuring sudo to not require a password for that script. For example:

  #!/bin/sh
  tar c /var/www/ | gpg -e -r [email protected]
  

  Backup would be done by pulling the entire tarball every time, which might be inefficient with large sites:

  ssh [email protected] "sudo /usr/sbin/dump-website" > /backups/sites/mysite.tar.gpg
  

  The password requirement would be removed by editing sudoers:

  me     ALL=(root) NOPASSWD: /usr/sbin/dump-website
  

In the remote host you can run rsync daemon with

uid root

in the /etc/rsyncd.conf file.

This will allow the daemon to use the CAP_DAC_OVERRIDE capability and read the local file system without changing permissions/ownership.

If you need just to make a backup it's a good practice to set rsync to read only mode:

read only = true