Hi All, I must not understand the uid/gid line in rsyncd.conf. If someone could briefly point out where I've gone wrong, I'd appreciate it.
I've created a special user to back up a server which has some users who don't want all their files backed up, so I'm trying to address their concerns by using the uid= and gid= lines in rsyncd.conf to have the rsyncd run with 'uid=backuppc' and 'gid=backuppc' privs, set in the global section. Then I add backuppc to the appropriate group in /etc/group as below. In this way, rsync will have read permissions only for those users who have made their files g+rX and who have agreed to have the backuppc user added to their group in /etc/group.

i.e., 'minas' is a user who has his /home/dir set as

    drwxr-x--- 39 minas minas 4096 2009-02-06 23:01 /home/minas

I've tried to address this by setting his /etc/group line as:

    minas:x:1000:backuppc

expecting that since 'backuppc' is now a member of the 'minas' group, rsync running with 'backuppc' privs can read the files 'minas' user allows the 'minas' group to read. This change allows the 'backuppc' user to read those files from the shell.

However, this does not work for the backup (rsyncd refuses to read the files with an entry in /var/log/rsyncd.log:

    auth failed on module svn from nnn.nnn.nnn.nnn ( xxx.xxx.xxx.xxx): unauthorized user.

). It /does/ work if I have the uid/gid lines set to 'root' or to 'minas', but in that case ALL his files get backed up, which is not what he wants.
The relevant parts of the rsyncd.conf file

    # GLOBAL OPTIONS
    log file=/var/log/rsyncd
    pid file=/var/run/rsyncd.pid
    auth users = [deleted]
    uid = backuppc
    gid = backuppc
    secrets file = /etc/rsyncd.secrets
    dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz *.exe
    max verbosity=2

    # MODULE OPTIONS
    [home]
    comment = /home dir for []
    path = /home
    use chroot = no
    max connections=1
    lock file = /var/lock/rsyncd
    read only = yes
    list = yes
    exclude from = /etc/rsyncd.exclude
    strict modes = yes
    hosts deny = *
    hosts allow = [deleted]
    ignore errors = no
    ignore nonreadable = yes
    transfer logging = yes
    timeout = 600
    refuse options = checksum dry-run
    dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz

--
Harry Mangalam - Research Computing, NACS, E2148, Engineering Gateway,
UC Irvine 92697 949 824-0084(o), 949 285-4487(c)
---
Good judgment comes from experience;
Experience comes from bad judgment. [F. Brooks.]
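
The access model described in the message above (a 0750 home directory plus group membership), as an added example that is not part of the original post: it evaluates POSIX mode bits for a backup credential with and without the owner's group in its supplementary group set. The function names, the numeric ids and the temporary tree are constructed for illustration; a process only holds the supplementary groups it was started with, which an /etc/group entry alone does not guarantee for a daemon.

```python
import os
import stat
import tempfile

def class_bits(st, uid, groups):
    """rwx bits of the single class that applies: owner, else group, else other."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7
    if st.st_gid in groups:
        return (mode >> 3) & 7
    return mode & 7

def can_read(base, rel, uid, groups):
    """Could a non-root process (uid, groups) read base/rel? Mode bits only, no ACLs.

    Needs search (x) on each directory below `base` and read (r) on the target.
    """
    current = base
    parts = rel.split("/")
    for part in parts[:-1]:
        current = os.path.join(current, part)
        if not class_bits(os.stat(current), uid, groups) & 1:
            return False
    target = os.path.join(current, parts[-1])
    return bool(class_bits(os.stat(target), uid, groups) & 4)

def demo():
    """Constructed tree: a 0750 home holding one g+r file and one private file."""
    names = ("shared.txt", "private.txt")
    with tempfile.TemporaryDirectory() as base:
        home = os.path.join(base, "minas")
        os.mkdir(home)
        for name, mode in zip(names, (0o640, 0o600)):
            path = os.path.join(home, name)
            open(path, "w").close()
            os.chmod(path, mode)
        os.chmod(home, 0o750)
        paths = [home] + [os.path.join(home, n) for n in names]
        owner_gids = {os.stat(p).st_gid for p in paths}
        backup_uid = os.stat(home).st_uid + 1   # constructed: any uid but the owner
        backup_gid = max(owner_gids) + 1        # constructed: unrelated primary gid
        cases = {"primary_only": {backup_gid},
                 "with_owner_group": {backup_gid} | owner_gids}
        return {label: {n: can_read(base, "minas/" + n, backup_uid, groups)
                        for n in names}
                for label, groups in cases.items()}

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Comparing the group set in the `with_owner_group` case against the `Groups:` line in /proc/<pid>/status of the running daemon shows which of the two cases applies on a given host.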