I want to set up RSYNC so it has root privilege on the remote server. I do not want to run rsync through inetd. I want to be able to limit who can use rsync when the remote end has root privilege. I prefer not to use rsync's internal user/secrets file. I do want to use SSH as the transport shell. With that in mind, here is what I tried.

I wrapped the rsync single-use daemon execution on the remote end with a script that executes rsync as root by using the SUDO command. I can then easily control access to root-privileged rsync execution through the sudoers file, an acceptable security configuration at our site. However, rsync seems to be having a problem. I get this message on the local side.

        @ERROR: invalid uid nobody

I would like to figure out why this fails or if there is a better way to accomplish the same thing.

Here is my wrapper script on the remote side.

        tbcsap01 154 $ cat /var/tmp/rsync.sh
        #!/bin/ksh
        #
        echo "Args $*." >  /var/tmp/rsync.op
        pwd             >> /var/tmp/rsync.op
        env             >> /var/tmp/rsync.op
        id              >> /var/tmp/rsync.op
        /usr/bin/sudo /usr/bin/env >> /var/tmp/rsync.op
        /usr/bin/sudo /usr/bin/id >> /var/tmp/rsync.op
        /usr/bin/sudo /usr/local/bin/rsync --verbose --config=/etc/rsyncd.conf $*

and the config file 

        log file = /var/tmp/rsyncd.log
        pid file = /var/tmp/rsyncd.pid
        lock file = /var/tmp/rsync.lock

        [cluster_files]
           path = /home/bb/cluster_rsync_test
           comment = My Very Own Rsync Server
           read only = false
           write only = false
           hosts allow = opsdev.deca.mil
           max verbosity = 3

Here is the command run on the local side.

        opsdev 290 $ rsync --verbose --progress --stats --rsync-path=/var/tmp/rsync.sh -e ssh [EMAIL PROTECTED]::cluster_files
        @ERROR: invalid uid nobody
        rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
        rsync error: error in rsync protocol data stream (code 12) at io.c(420)

Here is the o/p from the wrapper script.

        Args --server --daemon ..
        /nfs/home/tinsless
        _=/usr/bin/env
        PATH=/usr/bin:/bin:/usr/sbin:/sbin:/opt/ssh/bin
        LOGNAME=tinsless
        MAIL=/var/mail/tinsless
        USER=tinsless
        SHELL=/usr/bin/ksh
        HOME=/nfs/home/tinsless
        SSH_CLIENT=172.16.208.14 65476 22
        SSH_CONNECTION=172.16.208.14 65476 172.16.208.41 22
        PWD=/nfs/home/tinsless
        TZ=EST5EDT
        uid=320(tinsless) gid=200(sa) groups=4(adm)
        _=/usr/bin/sudo
        PATH=/usr/bin:/bin:/usr/sbin:/sbin:/opt/ssh/bin
        LOGNAME=root
        MAIL=/var/mail/tinsless
        USER=root
        SHELL=/usr/bin/ksh
        HOME=/nfs/home/tinsless
        SSH_CLIENT=172.16.208.14 65476 22
        SSH_CONNECTION=172.16.208.14 65476 172.16.208.41 22
        PWD=/nfs/home/tinsless
        TZ=EST5EDT
        TERM=unknown
        SUDO_COMMAND=/usr/bin/env
        SUDO_USER=tinsless
        SUDO_UID=320
        SUDO_GID=200
        uid=0(root) gid=3(sys) groups=0(root),1(other),2(bin),4(adm),5(daemon),6(mail),7(lp),20(users)
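
An added example, not part of the original post: since sudoers is the access control in this setup, the wrapper variant below hands root's rsync a fixed argument list instead of forwarding `$*`, and rejects anything other than the `--server --daemon .` request logged above. The paths come from the post; the function names and the syslog tag are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): a variant of /var/tmp/rsync.sh
# that refuses anything except the daemon-over-ssh request.
# Assumption: paths are taken from the post; function names are hypothetical.
SUDO=/usr/bin/sudo
RSYNC=/usr/local/bin/rsync
CONF=/etc/rsyncd.conf

# Succeed only for the exact argument vector the post logged:
# "--server --daemon ." (three words, nothing appended).
is_daemon_request() {
    [ "$#" -eq 3 ] || return 1
    [ "$1" = "--server" ] && [ "$2" = "--daemon" ] && [ "$3" = "." ]
}

# Print the fixed root command for an accepted request; print nothing and
# return 1 otherwise. Client-supplied words are never copied into it.
root_command() {
    is_daemon_request "$@" || return 1
    printf '%s %s --server --daemon --config=%s .\n' "$SUDO" "$RSYNC" "$CONF"
}

main() {
    if ! is_daemon_request "$@"; then
        # Record the rejected request in syslog, then stop.
        logger -p auth.warning -t rsync-wrapper \
            "rejected args from ${LOGNAME:-unknown}: $*"
        echo "rsync wrapper: request not permitted" >&2
        exit 1
    fi
    # Fixed argument list, so a sudoers rule can match this exact command.
    exec "$SUDO" "$RSYNC" --server --daemon --config="$CONF" .
}

# Run only when called with arguments (the ssh client always passes them).
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```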