On Thu, 2009-02-12 at 21:23 -0800, Harry Mangalam wrote: > I've created a special user to backup a server which has some users > who don't want all their files backed up, so I'm trying to address > their concerns by using the uid= and gid= lines in rsyncd.conf to > have the rsyncd run with 'uid=backuppc' and 'gid=backuppc' privs, set > in the global section. Then I add backuppc to the appropriate group > in /etc/group as below. > > In this way, rsync will have read permissions only for those users who > have made their files g+rX and who have agreed to have the backuppc > user added to their group in /etc/group. > > ie 'minas' is a user who has his /home/dir set as > drwxr-x--- 39 minas minas 4096 2009-02-06 23:01 /home/minas > > I've tried to have address this by setting his /etc/group line as: > > minas:x:1000:backuppc > > expecting that since 'backuppc' is now a member of the 'minas' group, > rsync running with 'backuppc' privs can read the files 'minas' user > allows the 'minas' group to read. This change allows the 'backuppc' > user to read those files from the shell. > > However, this does not work for the backup (rsyncd refuses to read the > files with an entry in /var/log/rsyncd.log:
On Fri, 2009-02-13 at 09:21 -0800, Harry Mangalam wrote: > 2009/02/13 09:06:28 [9818] rsync: link_stat "." (in minas) failed: > Permission denied (13) The problem is that the daemon takes on only the specified uid and gid, not the supplementary groups of the uid. The attached patch (also in wip/supplementary-groups of my repository) adds a daemon parameter to take on the supplementary groups. Please test this and tell us whether it works for you. -- Matt
>From 1175c760bc7408a28b831e18db5d2e4fae78c0fa Mon Sep 17 00:00:00 2001 From: Matt McCutchen <m...@mattmccutchen.net> Date: Sat, 14 Feb 2009 20:49:56 -0500 Subject: [PATCH] Add "supplementary groups" daemon parameter to take on the supplementary groups of the specified "uid" as well as the specified "gid". To: rsync-patc...@mattmccutchen.net --- clientserver.c | 11 ++++++++++- configure.in | 2 +- loadparm.c | 6 ++++++ rsyncd.conf.yo | 5 +++++ 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/clientserver.c b/clientserver.c index 059be75..4e6e661 100644 --- a/clientserver.c +++ b/clientserver.c @@ -413,6 +413,7 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char int argc; char **argv, **orig_argv, **orig_early_argv, *module_chdir; char line[BIGPATHBUFLEN]; + char *uname = NULL; uid_t uid = (uid_t)-2; /* canonically "nobody" */ gid_t gid = (gid_t)-2; char *p, *err_msg = NULL; @@ -489,7 +490,7 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char am_root = (MY_UID() == 0); if (am_root) { - p = lp_uid(i); + uname = p = lp_uid(i); if (!name_to_uid(p, &uid)) { if (!isDigit(p)) { rprintf(FLOG, "Invalid uid %s\n", p); @@ -730,6 +731,14 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char return -1; } #endif +#ifdef HAVE_INITGROUPS + if (lp_supplementary_groups(i) && uname != NULL + && initgroups(uname, gid)) { + rsyserr(FLOG, errno, "initgroups failed"); + io_printf(f_out, "@ERROR: initgroups failed\n"); + return -1; + } +#endif if (setuid(uid)) { rsyserr(FLOG, errno, "setuid %d failed", (int)uid); diff --git a/configure.in b/configure.in index d03bc4e..75fc037 100644 --- a/configure.in +++ b/configure.in @@ -549,7 +549,7 @@ AC_FUNC_ALLOCA AC_CHECK_FUNCS(waitpid wait4 getcwd strdup chown chmod lchmod mknod mkfifo \ fchmod fstat ftruncate strchr readlink link utime utimes lutimes strftime \ memmove lchown vsnprintf snprintf vasprintf asprintf setsid strpbrk \ - strlcat strlcpy strtol mallinfo getgroups setgroups geteuid getegid \ + strlcat strlcpy strtol mallinfo getgroups setgroups initgroups geteuid getegid \ setlocale setmode open64 lseek64 mkstemp64 mtrace va_copy __va_copy \ strerror putenv iconv_open locale_charset nl_langinfo getxattr \ extattr_get_link sigaction sigprocmask setattrlist) diff --git a/loadparm.c b/loadparm.c index e8759ad..da2c91c 100644 --- a/loadparm.c +++ b/loadparm.c @@ -146,6 +146,7 @@ typedef struct { BOOL read_only; BOOL reverse_lookup; BOOL strict_modes; + BOOL supplementary_groups; BOOL transfer_logging; BOOL use_chroot; BOOL write_only; @@ -218,6 +219,7 @@ static const all_vars Defaults = { /* read_only; */ True, /* reverse_lookup; */ True, /* strict_modes; */ True, + /* supplementary_groups; */ False, /* transfer_logging; */ False, /* use_chroot; */ True, /* write_only; */ False, @@ -349,6 +351,9 @@ static struct parm_struct parm_table[] = {"reverse lookup", P_BOOL, P_LOCAL, &Vars.l.reverse_lookup, NULL,0}, {"secrets file", P_STRING, P_LOCAL, &Vars.l.secrets_file, NULL,0}, {"strict modes", P_BOOL, P_LOCAL, &Vars.l.strict_modes, NULL,0}, +#ifdef HAVE_INITGROUPS + {"supplementary groups",P_BOOL, P_LOCAL, &Vars.l.supplementary_groups,NULL,0}, +#endif {"syslog facility", P_ENUM, P_LOCAL, &Vars.l.syslog_facility, enum_facilities,0}, {"temp dir", P_PATH, P_LOCAL, &Vars.l.temp_dir, NULL,0}, {"timeout", P_INTEGER,P_LOCAL, &Vars.l.timeout, NULL,0}, @@ -433,6 +438,7 @@ FN_LOCAL_BOOL(lp_numeric_ids, numeric_ids) FN_LOCAL_BOOL(lp_read_only, read_only) FN_LOCAL_BOOL(lp_reverse_lookup, reverse_lookup) FN_LOCAL_BOOL(lp_strict_modes, strict_modes) +FN_LOCAL_BOOL(lp_supplementary_groups, supplementary_groups) FN_LOCAL_BOOL(lp_transfer_logging, transfer_logging) FN_LOCAL_BOOL(lp_use_chroot, use_chroot) FN_LOCAL_BOOL(lp_write_only, write_only) diff --git a/rsyncd.conf.yo b/rsyncd.conf.yo index 992b7ce..f5767f3 100644 --- a/rsyncd.conf.yo +++ b/rsyncd.conf.yo @@ -324,6 +324,11 @@ file transfers to and from that module should take place as when the daemon was run as root. This complements the "uid" parameter. The default is gid -2, which is normally the group "nobody". +dit(bf(supplementary groups)) If enabled, the daemon will take on the +supplementary groups of the specified "uid" in addition to the specified "gid" +when performing transfers to and from the module. For this to work, "uid" +should be a name, not a numeric user ID. The default is false. + dit(bf(fake super)) Setting "fake super = yes" for a module causes the daemon side to behave as if the bf(--fake-user) command-line option had been specified. This allows the full attributes of a file to be stored -- 1.6.2.rc0.7.g013dd.dirty
-- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html