It looks like Waynes changes do what I wanted. If I understand Wayne's changes in the dev version correctly, my rsyncd.conf would look like:
rsyncd.conf ============ #GLOBAL OPTIONS ... uid = root gid = root ... [STDMODULE] ... # uid = commented out # gid = commented out ... [MYMODULE] ... uid = backuppc # next line allows rsync to have the perms of any group backuppc # belongs to gid = * ... [YOURMODULE] ... uid = you gid = * # ditto ... to allow rsync to use the permissions of 'root' to read [STDMODULE] (GLOBAL not overridden), 'backuppc' permissions to read [MYMODULE], and 'you' permissions to read [YOURMODULE]. I tried this (with rsync-HEAD-20090305-0445GMT) and it WORKED (at least for my requirements). The daemon is running when idle is owned by root, but when the backup ran, it spawned another rsync daemon that ran as 'backuppc': root 18748 0.0 0.0 2404 528 ? Ss 09:01 0:00 /usr/bin/rsync --daemon --config /etc/rsyncd.conf backuppc 19297 6.2 0.0 4056 2392 ? D 09:07 0:00 /usr/bin/rsync --daemon --config /etc/rsyncd.conf (lines folded but during the run there are 2 rsyncd's running, one as root, one as backuppc) I have a file called sortaprivate which has perms: -rw-r----- 1 hjm hjm 146 2009-03-04 15:08 sortaprivate My /etc/group has an entry: hjm:x:1000:backuppc so if rsync was running as backuppc, it should have been able to read that file, and finally, it does. Thanks to Wayne and Matt for their patience and code. Harry On Friday 20 February 2009, Wayne Davison wrote: > On Sat, Feb 14, 2009 at 08:53:22PM -0500, Matt McCutchen wrote: > > The attached patch (also in wip/supplementary-groups of my > > repository) adds a daemon parameter to take on the supplementary > > groups. > > I went a little different route than this path by allowing the user > to specify one or more groups via the gid setting. It will also > expand the string "*" (if specified as the first item) into the > normal grouplist for the requested user. I then changed a > non-super-user daemon-run to default the uid/gid parameters to > NULL, which allows rsync to know if the user requested a value, and > it will now complain if a specified setting fails. A super-user > run still defaults to nobody if unspecified. > > ..wayne.. -- Harry Mangalam - Research Computing, NACS, E2148, Engineering Gateway, UC Irvine 92697 949 824-0084(o), 949 285-4487(c) --- Good judgment comes from experience; Experience comes from bad judgment. [F. Brooks.] -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
