Now I am a step further. For rsync to write user attributes you need to run it with the flag
rsync -HPavS --delete --rsync-path="sudo rsync" <SRC> user@remotehost:/<DEST>/
and add
username ALL= NOPASSWD:/usr/bin/rsync
in /etc/sudoers on remote host so the remote rsync has sudo rights. That seemed to do the trick.
So the whole backupscript run by cron looks like this:
#!/bin/sh
cp -r /etc/grommunio* /gromox_db_bkp/etc_bkp/
cd /gromox_db_bkp
mysqldump -u grommunio -p<BD_PASSWORD> --single-transaction --routines --triggers --events --add-drop-database grommunio > grommunio-mysql-backup.sql
rsync -HPavS --delete --rsync-path="sudo rsync" /gromox_db_bkp user@remotehost:/grommunio_bkp/
rsync -HPavS --delete --rsync-path="sudo rsync" /var/lib/gromox/user user@remotehost:/grommunio_bkp/var/lib/gromox/
rsync -HPavS --delete --rsync-path="sudo rsync" /var/lib/gromox/domain user@remotehost:/grommunio_bkp/var/lib/gromox/
rsync -HPavS --delete --rsync-path="sudo rsync" /etc/nginx cuser@remotehost:/grommunio_bkp/etc/
rsync -HPavS --delete --rsync-path="sudo rsync" /etc/php8/fpm/php-fpm.d user@remotehost:/grommunio_bkp/etc/
rsync -HPavS --delete --rsync-path="sudo rsync" /etc/letsencrypt user@remotehost:/grommunio_bkp/etc/
rsync -HPavS --delete --rsync-path="sudo rsync" /etc/postfix user@remotehost:/grommunio_bkp/etc/
if [ $? -eq 0 ]; then
echo Gromox Backup OK
else
echo Gromox Backup FAIL
fi
