rsync Permission denied backing up a remote directory to my local machine

You cannot back up a file which you cannot read otherwise, so the permissions will have to be either changed or overriden by root.

Your options in more detail:

  • Override the permissions by rsync'ing as [email protected] directly. (

  • ...or by configuring sudo on the server to allow password-less running of the rsync server-side component.

    me    ALL=(root) NOPASSWD: /usr/bin/rsync --server --sender -vlogDtprze.iLsf . /var/www/
    

    and

    rsync --rsh="ssh [email protected] sudo" -avz /var/www/ /backups/...
    
  • Create a dedicated "website-backup" account on the server. Change the files' permissions to make them readable to the "website-backup" account; you may use ACLs and setfacl for that. Do not use this account for anything else.

    rsync -avz [email protected]:/var/www/ /backups/sites/mysite/
    
  • Write a script on the server which would dump /var/www/ into an encrypted tarball. Again, this can be done as root (via crontab) or by configuring sudo to not require a password for that script. For example:

    #!/bin/sh
    tar c /var/www/ | gpg -e -r [email protected]
    

    Backup would be done by pulling the entire tarball every time, which might be inefficient with large sites:

    ssh [email protected] "sudo /usr/sbin/dump-website" > /backups/sites/mysite.tar.gpg
    

    The password requirement would be removed by editing sudoers:

    me     ALL=(root) NOPASSWD: /usr/sbin/dump-website
    

In the remote host you can run rsync daemon with

uid root

in the /etc/rsyncd.conf file.

This will allow the daemon to use the CAP_DAC_OVERRIDE capability and read the local file system without changing permissions/ownership.

If you need just to make a backup it's a good practice to set rsync to read only mode:

read only = true