rsyncd.conf
LuKreme
kremels at kreme.com
Thu Apr 3 07:21:03 PDT 2008
On 1-Apr-2008, at 02:09, Axel Luttgens wrote:
> On 30 March 08 at 19:01, LuKreme wrote:
>> I have the following in rsyncd.conf (on 'server'):
>>
>> [backup]
>> path = /backup/
>> comment = Backup
>> readonly = no
>> auth users = root
>> secrets file = /usr/local/etc/rsyncd.secrets
>>
>> I tried to connect to it from www2
>>
>> rsync -av --password-file=/var/rsync.passwd --link-dest=server::backup/www2 / server::backup/www2.daily.0
>>
>> and get the following error:
>>
>> building file list ... done
>> rsync: mkdir "www2.daily.0" (in backup) failed: Permission denied (13)
>> rsync error: error in file IO (code 11) at main.c(529) [receiver=2.6.9]
>> rsync: connection unexpectedly closed (4 bytes received so far) [sender]
>>
>> Since the auth user for the rsync is 'root' why am I getting a
>> permission failure?
>>
>> And even though the current www2 folder is owned by root (in fact,
>> has the same permissions as /backup), I AM able to run the
>> following command with no error:
>>
>> rsync -av --password-file=/var/rsync.passwd / server::backup/www2
>>
>> $ ls -lsa /backup/
>> 2 drwxr-xr-x 13 root wheel 512 Mar 30 10:33 .
>> 2 drwxr-xr-x 24 root wheel 1024 Feb 16 13:58 ..
>> 2 drwxr-xr-x 21 root wheel 512 Jun 10 2007 www2
>
> So, anybody may read/traverse folder www2, but only a process
> running as root may write within it.
>
> In the above, assuming you are running your rsync commands as root,
> you have authenticated as an rsync user named "root" against the
> rsync server.
> An rsync user is just a name defined in the server's secrets file,
> and has no relationship to system users.
Right, good point.
> So, the question is: does the rsync server process run as root, ie
> with UID 0, while handling the client's request?
Yes, the daemon runs as root:
$ psa rsync
root 996 0.0 0.0 1548 284 ?? Is 21Mar08 1:15.45 /usr/local/bin/rsync --daemon
> For this to happen, rsync must be launched as root and must be
> instructed to stay running as root (not to switch to another user).
Ah, that could be.
> Perhaps you just need to add this line to the [backup] section:
> uid = 0
> provided the daemon itself is launched as root.
Ahah, yes, that should do it.
Thanks much.
--
Well boys, we got three engines out, we got more holes in us than a
horse trader's mule, the radio is gone and we're leaking fuel and if
we was flying any lower why we'd need sleigh bells on this thing...
but we got one little budge on those Roosskies. At this height why
they might harpoon us but they dang sure ain't gonna spot us on no
radar screen!
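
Added illustration, not part of the original message and not rsync's own code: a small Python check of the point made in the reply, that the module's `uid` setting, not `auth users`, decides which system user performs the write. The `UIDS` map, the value 65534 for nobody, and the owner/other-only permission test are assumptions made for the example.

```python
import configparser

# The [backup] module as posted in the thread, and the same module with the suggested fix.
BEFORE = """\
[backup]
path = /backup/
comment = Backup
readonly = no
auth users = root
secrets file = /usr/local/etc/rsyncd.secrets
"""
AFTER = BEFORE + "uid = 0\n"

# Assumption: name-to-uid map for illustration; a real check would use pwd.getpwnam().
UIDS = {"root": 0, "nobody": 65534}

def load(conf_text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    # Accept both "readonly" (as posted) and "read only" by dropping case and spaces.
    cp.optionxform = lambda key: "".join(key.split()).lower()
    cp.read_string("[__global__]\n" + conf_text)  # holds settings placed before the first module
    return cp

def effective_uid(conf_text, module, daemon_uid=0):
    """UID the daemon does file I/O as for `module`; 'auth users' plays no part."""
    if daemon_uid != 0:
        return daemon_uid              # a non-root daemon cannot switch users
    cp = load(conf_text)
    raw = cp[module].get("uid") or cp["__global__"].get("uid") or "nobody"
    return int(raw) if raw.lstrip("-").isdigit() else UIDS[raw]

def can_mkdir(conf_text, module, dir_owner, dir_mode, daemon_uid=0):
    """Would mkdir inside the module's directory succeed? (owner/other bits only)"""
    if load(conf_text)[module].get("readonly", "yes").lower() in ("yes", "true", "1"):
        return False                   # module refuses uploads outright
    uid = effective_uid(conf_text, module, daemon_uid)
    if uid == 0:
        return True
    bits = (dir_mode >> 6) if uid == dir_owner else dir_mode
    return bits & 0o3 == 0o3           # need write + search on the parent directory

if __name__ == "__main__":
    # /backup in the thread is drwxr-xr-x root wheel: owner 0, mode 0o755.
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, effective_uid(conf, "backup"), can_mkdir(conf, "backup", 0, 0o755))
```

With `uid = 0` and `readonly = no`, every client that holds the module password writes as root under `/backup/`, so the secrets file and network access to the daemon carry the whole trust decision.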