I want to set up RSYNC so it has root privilege on the remote server. I do not want to run rsync through inetd. I want to be able to limit who can use rsync when the remote end has root privilege. I prefer not to use rsync's internal user/secrets file. I do want to use SSH as the transport shell.

With that in mind, here is what I tried. I wrapped the rsync single-use daemon execution on the remote end with a script that executes rsync as root by using the SUDO command. I can then easily control access to root-privileged rsync execution through the sudoers file, an acceptable security configuration at our site.

However, rsync seems to be having a problem. I get this message on the local side.

@ERROR: invalid uid nobody

I would like to figure out why this fails or if there is a better way to accomplish the same thing.

Here is my wrapper script on the remote side.

tbcsap01 154 $ cat /var/tmp/rsync.sh
#!/bin/ksh
#
echo "Args $*." > /var/tmp/rsync.op
pwd >> /var/tmp/rsync.op
env >> /var/tmp/rsync.op
id >> /var/tmp/rsync.op
/usr/bin/sudo /usr/bin/env >> /var/tmp/rsync.op
/usr/bin/sudo /usr/bin/id >> /var/tmp/rsync.op
/usr/bin/sudo /usr/local/bin/rsync --verbose --config=/etc/rsyncd.conf $*

and the config file

log file = /var/tmp/rsyncd.log
pid file = /var/tmp/rsyncd.pid
lock file = /var/tmp/rsync.lock

[cluster_files]
        path = /home/bb/cluster_rsync_test
        comment = My Very Own Rsync Server
        read only = false
        write only = false
        hosts allow = opsdev.deca.mil
        max verbosity = 3

Here is the command run on the local side.

opsdev 290 $ rsync --verbose --progress --stats --rsync-path=/var/tmp/rsync.sh -e ssh [EMAIL PROTECTED]::cluster_files
@ERROR: invalid uid nobody
rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(420)

Here is the o/p from the wrapper script.

Args --server --daemon ..
/nfs/home/tinsless
_=/usr/bin/env
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/opt/ssh/bin
LOGNAME=tinsless
MAIL=/var/mail/tinsless
USER=tinsless
SHELL=/usr/bin/ksh
HOME=/nfs/home/tinsless
SSH_CLIENT=172.16.208.14 65476 22
SSH_CONNECTION=172.16.208.14 65476 172.16.208.41 22
PWD=/nfs/home/tinsless
TZ=EST5EDT
uid=320(tinsless) gid=200(sa) groups=4(adm)
_=/usr/bin/sudo
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/opt/ssh/bin
LOGNAME=root
MAIL=/var/mail/tinsless
USER=root
SHELL=/usr/bin/ksh
HOME=/nfs/home/tinsless
SSH_CLIENT=172.16.208.14 65476 22
SSH_CONNECTION=172.16.208.14 65476 172.16.208.41 22
PWD=/nfs/home/tinsless
TZ=EST5EDT
TERM=unknown
SUDO_COMMAND=/usr/bin/env
SUDO_USER=tinsless
SUDO_UID=320
SUDO_GID=200
uid=0(root) gid=3(sys) groups=0(root),1(other),2(bin),4(adm),5(daemon),6(mail),7(lp),20(users)
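
An added example, not part of the original post and not rsync's own code: an rsync daemon started as root switches to each module's uid/gid before serving it, so a preflight check over rsyncd.conf can report any identity the host cannot resolve, which is the condition the "@ERROR: invalid uid nobody" message reports. The parser, the preflight helper, the reduced sample config and the built-in default of "nobody" for both settings are assumptions of this example.

```python
import grp
import pwd

# Constructed sample: the rsyncd.conf from the post, reduced to the relevant lines.
SAMPLE_CONF = """\
log file = /var/tmp/rsyncd.log
[cluster_files]
path = /home/bb/cluster_rsync_test
read only = false
"""

DEFAULT_ID = "nobody"  # assumption: the daemon's built-in default for uid and gid


def parse_conf(text):
    """Return (global_params, {module: params}) parsed from rsyncd.conf text."""
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            target = globals_ if current is None else current
            target[" ".join(key.lower().split())] = value.strip()
    return globals_, modules


def system_resolves(kind, name):
    """True for a numeric id, or a name found in this host's passwd/group data."""
    if name[:1].isdigit():
        return True
    try:
        (pwd.getpwnam if kind == "uid" else grp.getgrnam)(name)
        return True
    except KeyError:
        return False


def preflight(text, resolves=system_resolves):
    """List (module, 'uid'|'gid', value) entries a root daemon could not switch to."""
    globals_, modules = parse_conf(text)
    problems = []
    for name, params in modules.items():
        for kind in ("uid", "gid"):
            # Module setting wins, then the global section, then the default.
            value = params.get(kind, globals_.get(kind, DEFAULT_ID))
            if not resolves(kind, value):
                problems.append((name, kind, value))
    return problems
```

With uid = root and gid = sys added to the module (the identity the sudo id output above reports), preflight returns an empty list on a host where those names resolve.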