Hi Matt, In your patch that you graciously provided me to provide supplementary groups capability, you didn't say how it was supposed to be specified. I thought it was working the first time I used it, but I was mistaken. I forgot to add the supplementary groups option but it's unclear how it's supposed to work. It's an rsyncd.conf parameter but what is the format?
Here's how I tried it: rsyncd.conf ============ #GLOBAL OPTIONS ... uid = root gid = root supplementary groups = TRUE # like this? ... [MODULE] ... uid = someuser gid = somegroup ... to allow rsync to use the permissions of 'someuser' to read MODULE? I'm missing something as the above doesn't work. harry The header in your path said this: [PATCH] Add "supplementary groups" daemon parameter to take on the supplementary groups of the specified "uid" as well as the specified "gid". On Saturday 14 February 2009, Matt McCutchen wrote: > On Thu, 2009-02-12 at 21:23 -0800, Harry Mangalam wrote: > > I've created a special user to backup a server which has some > > users who don't want all their files backed up, so I'm trying to > > address their concerns by using the uid= and gid= lines in > > rsyncd.conf to have the rsyncd run with 'uid=backuppc' and > > 'gid=backuppc' privs, set in the global section. Then I add > > backuppc to the appropriate group in /etc/group as below. > > > > In this way, rsync will have read permissions only for those > > users who have made their files g+rX and who have agreed to have > > the backuppc user added to their group in /etc/group. > > > > ie 'minas' is a user who has his /home/dir set as > > drwxr-x--- 39 minas minas 4096 2009-02-06 23:01 /home/minas > > > > I've tried to have address this by setting his /etc/group line > > as: > > > > minas:x:1000:backuppc > > > > expecting that since 'backuppc' is now a member of the 'minas' > > group, rsync running with 'backuppc' privs can read the files > > 'minas' user allows the 'minas' group to read. This change > > allows the 'backuppc' user to read those files from the shell. > > > > However, this does not work for the backup (rsyncd refuses to > > read the files with an entry in /var/log/rsyncd.log: > > On Fri, 2009-02-13 at 09:21 -0800, Harry Mangalam wrote: > > 2009/02/13 09:06:28 [9818] rsync: link_stat "." (in minas) > > failed: Permission denied (13) > > The problem is that the daemon takes on only the specified uid and > gid, not the supplementary groups of the uid. The attached patch > (also in wip/supplementary-groups of my repository) adds a daemon > parameter to take on the supplementary groups. Please test this > and tell us whether it works for you. -- Harry Mangalam - Research Computing, NACS, E2148, Engineering Gateway, UC Irvine 92697 949 824-0084(o), 949 285-4487(c) --- Good judgment comes from experience; Experience comes from bad judgment. [F. Brooks.] -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html