/etc/csf and rsync remote backups (0600 perms) strategy on vps

[andymc]

Hi All,
Asking for your viewpoint on backing up ConfigServer (/etc/csf) which is on my vps.

I am rsyncing my cloud vps offsite, no problems there except:
/etc/csf is not being backed up, this is because /etc/csf has 0600 permissions (no execute attribute means only root can do stuff inside the directory), so when rsync tried to sync this directory remotely, after creating the initial remote /etc/csf directory, all other operations fail remotely as my remote backup does not have root access, therefore it cannot access the 0600 csf directory.
i.e. reading /etc/csf locally is no problem, but preserving permissions remotely has the effect of preventing /etc/csf being remotely backed up due to the 0600 local perms.

So, as I see it I can do one of three things:

1. In my cron job, create a tar archive of /etc/csf, have this rsynced and exclude /etc/csf from the rsync to get rid of those permission denied (13) errors

Code:

#!/bin/sh
# Daily rsync
# Create tar of /etc/csf due to 0600 permissions block with remote rsync to non root
tar cvfzp /backup/csfbackup.tgz /etc/csf
# Rsync it remotely
/usr/bin/rsync -avz -e ssh /backup/csfbackup.tgz myremoteuserid@remotehost:remotebackupdirectory/etc
# Rsync rest, note 'R' attribute to preserve filepath remotely
/usr/bin/rsync -avzR --exclude "/etc/csf"  -e ssh /home /var /etc /usr/local/cpanel /root myremoteuserid@remotehost:remotebackupdirectory

2. Change the perms of /etc/csf and all of its subdirectories and their subdirectories etc to 0700 - Not sure of the impact of this, owner and group are root in any case.

3. Just exclude /etc/csf from backups, but they if the worst happens, i lose my csf config

Just wondering what the rest of you do wrt /etc/csf and remote backups ?

Cheers

Andy