Re: [OpenIndiana-discuss] rsyncd configuration

2015-03-27 Thread Sebastian Gabler

Hi Bob,

thanks. That was it. Meanwhile I even found it from the horse's mouth:

The default when run by a super-user is to switch to the system's 
nobody user.  See: https://www.samba.org/ftp/rsync/rsyncd.conf.html


In a nutshell, rsync does its work as nobody specifically when run as root. 
That's why the o- flags matter. I think one should add the read only 
= yes option, too, just in case somebody gets access to the backup 
server, so that he can't do a rogue restore everywhere.


BR,

Sebastian

On 27.03.2015 at 13:00, openindiana-discuss-requ...@openindiana.org wrote:

Message: 2
Date: Thu, 26 Mar 2015 08:34:01 -0500 (CDT)
From: Bob Friesenhahn bfrie...@simple.dallas.tx.us
To: Discussion list for OpenIndiana
openindiana-discuss@openindiana.org
Subject: Re: [OpenIndiana-discuss] rsyncd configuration
Message-ID:
alpine.gso.2.01.1503260825260.4...@freddy.simplesystems.org
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

On Thu, 26 Mar 2015, Sebastian Gabler wrote:


Hi,

I am trying to solve a problem that I have ignored for quite a long time. The
issue is that messages are flooded with rsync permission errors, and that
some files are not backed up properly. What I have found so far is the
following:
- rsyncd is running as root

Check your rsyncd.conf file.  For example, one of my rsyncd.conf files
starts with:

uid = nobody
gid = nobody


so that rsync changes its effective uid to 'nobody' before doing
anything.  This is pretty common since rsyncd is often used in
environments with untrusted users.

On another rsyncd.conf file which is used to successfully transfer ssh
private key files, I am using

uid = root
gid = root

Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/



___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
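
The settings discussed in this message, worked through as an added example (not code from the thread or from the rsync project): a small Python check that resolves each module's effective uid, gid and read only value in an rsyncd.conf and reports what follows from them. The sample file, module names and paths are constructed, and the defaults assume the daemon is started by root, as in the rsyncd.conf manual linked above.

```python
# Added example. Defaults assume the rsync daemon was started by root.
DEFAULTS = {"uid": "nobody", "gid": "nobody", "readonly": "yes"}

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}) with normalised parameter names."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)       # only the first '=' is significant
            key = "".join(name.split()).lower()    # "read only" == "readonly"
            (global_params if current is None else current)[key] = value.strip()
    return global_params, modules

def audit(text):
    """Map module name -> effective uid, gid, read_only and a list of findings."""
    global_params, modules = parse_rsyncd_conf(text)
    report = {}
    for name, params in modules.items():
        eff = {**DEFAULTS, **global_params, **params}   # module overrides global
        read_only = eff["readonly"].lower() in ("yes", "true", "1")
        as_root = eff["uid"] in ("root", "0")
        findings = []
        if not as_root:
            findings.append("files this uid cannot read (e.g. root-owned 0600 keys) are skipped")
        if as_root and not read_only:
            findings.append("clients can write under the module path as root")
        report[name] = dict(uid=eff["uid"], gid=eff["gid"], read_only=read_only, findings=findings)
    return report

# Constructed sample file; module names and paths are hypothetical.
SAMPLE = """\
read only = yes
[etc-default]
    path = /etc
[etc-backup]
    path = /etc
    uid = root
    gid = root
[restore]
    path = /
    uid = root
    read only = no
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```
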


[OpenIndiana-discuss] rsyncd configuration

2015-03-26 Thread Sebastian Gabler

Hi,

I am trying to solve a problem that I have ignored for quite a long 
time. The issue is that messages are flooded with rsync permission 
errors, and that some files are not backed up properly. What I have 
found so far is the following:

- rsyncd is running as root
- the issue is the same when rsync is invoked locally, or from a remote 
host (I am running OI as a backup server calling other machines, OI and 
Ubuntu as clients). The call usually is rsync -azt --numeric-ids 
--timeout=600 --port ...
- the failing files all seem to have in common that there are no read 
rights on the o- bits. (i.e. 2.5K -rw---  1 root root 
ssh_host_rsa_key file is failing consistently)


I seem to be missing something really basic with the access rights here. 
My understanding is that the access rights of the user running rsyncd on 
the client will count.  Naively, why would rsync running as root not 
read a file root owns? Why is this going per o- permissions?
If I could make it go by the group at least, then still how could I 
solve the other aspects, i.e. the rsync user reading files that are 
owned by others like dladm:netadm? I understand as well that at least 
for the above RSA key I don't want to have anybody else but owner read 
the file. Is there still some RBAC trick or ACLs that could help me back 
up everything?
Once solved for OI, I will probably have to address the same on the 
linux machines.


Thanks for any hints, and sorry for the noob aspects of this matter if 
there are any.


Regards,

Sebastian




Re: [OpenIndiana-discuss] rsyncd configuration

2015-03-26 Thread Bob Friesenhahn

On Thu, 26 Mar 2015, Sebastian Gabler wrote:


Hi,

I am trying to solve a problem that I have ignored for quite a long time. The 
issue is that messages are flooded with rsync permission errors, and that 
some files are not backed up properly. What I have found so far is the 
following:

- rsyncd is running as root


Check your rsyncd.conf file.  For example, one of my rsyncd.conf files 
starts with:


uid = nobody
gid = nobody


so that rsync changes its effective uid to 'nobody' before doing 
anything.  This is pretty common since rsyncd is often used in 
environments with untrusted users.


On another rsyncd.conf file which is used to successfully transfer ssh 
private key files, I am using


uid = root
gid = root

Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
