DO NOT REPLY [Bug 7070] Permission denied message with --fake-super and permissionless directory
https://bugzilla.samba.org/show_bug.cgi?id=7070

--- Comment #3 from ch...@onthe.net.au 2010-08-12 00:29 CST ---
Created an attachment (id=5897)
 --> (https://bugzilla.samba.org/attachment.cgi?id=5897&action=view)
Fix-temp-file-perms-to-allow-reading-xattrs

(In reply to comment #2) > Right. The same problem occurs with a single regular file. The regular file version of the problem can be fixed with the attached 'Fix-temp-file-perms-to-allow-reading-xattrs' patch.

I'm not confident enough of how/when the directory permissions are updated to make a similar change to fix that side of things.

For the record, the regular file version of the problem can be duplicated like so:

rsyncd.conf:

    [test]
    path = /tmp
    fake super = yes
    use chroot = no
    read only = no

    $ touch /tmp/a
    $ chmod 0 /tmp/a
    $ sudo rsync -lt -av -e 'ssh' /tmp/a "localhost::test/b"
    sending incremental file list
    a
    rsync: failed to read xattr user.rsync.%stat for ".b.xhD81x" (in test): Permission denied (13)
    rsync: failed to read xattr user.rsync.%stat for ".b.xhD81x" (in test): Permission denied (13)
    sent 76 bytes received 27 bytes 13.73 bytes/sec
    total size is 0 speedup is 0.00
    rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1057) [sender=3.0.6]
    $ ls -l /tmp/a /tmp/b
    -- 1 chris chris 0 2010-08-12 14:47 /tmp/a
    -rw--- 1 nobody nogroup 0 2010-08-12 14:47 /tmp/b

--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: backup option
> I am using rsync to backup files. Is it possible to specify an option
> not to delete files from backup directory if the files are deleted
> from source? In that way, I can always keep something I may or may not
> need in the backup disk, but remove it from a work computer.

As Alex mentioned, omitting the --delete option is the way to go.

However, you should keep in mind that (depending upon the rsync options you provide) if you update a file (within the source directory) then the older version of this file in the destination directory will be overwritten.

If you want to preserve old revisions of files, there are various rsync options which will allow various actions to take place to the older versions which already exist in the destination directory.

Below is an example of what I am talking about with regard to older versions being overwritten in the destination directory when using the --archive rsync option.

> $ mkdir 1 2
> $ ls
> 1 2
> $ touch 1/hello
> $ rsync -a 1 2
> $ echo "hello there" >> 1/hello
> $ rsync -a 1 2
> $ cd 2/1
> $ ls -a
> .  ..  hello
> $ cat hello
> hello there

You will notice that there is no copy of the original (blank) file, only the more recent version which contains the "hello there" text.

If you check the rsync manual page and perform some www searches, you will find many options and approaches relating to what happens to updated files/directories when you run rsync.

--
This email is protected by LBackup
http://www.lbackup.org
Re: backup option
Would that not be done by omitting the --delete option?

aF

On 12/08/2010, at 9:52 AM, hce wrote:

> Hi,
>
> I am using rsync to backup files. Is it possible to specify an option
> not to delete files from backup directory if the files are deleted
> from source? In that way, I can always keep something I may or may not
> need in the backup disk, but remove it from a work computer.
>
> Thank you.
>
> Kind Regards.
>
> hce
backup option
Hi,

I am using rsync to backup files. Is it possible to specify an option not to delete files from backup directory if the files are deleted from source? In that way, I can always keep something I may or may not need in the backup disk, but remove it from a work computer.

Thank you.

Kind Regards.

hce
Re: HDB, a hard drive backup program
On Wed, 11 Aug 2010, travis+ml-rs...@subspacefield.org wrote:

> Hey all, I'm writing a tool:
>
> http://www.subspacefield.org/security/hdb/
>
> It is very similar in some ways to rsync, except it's meant for
> backing up locally to removable HDDs, and it keeps metadata around
> when the HDD is removed.
>
> I figured I'd ping people here to see if they are interested in
> participating in the brainstorming sessions. I figure you know a lot
> more than me about this kind of stuff.

Maybe I'm misinterpreting "keeps metadata around when the HDD is removed". Isn't that part of most backup software? If you haven't already, the Hierarchical Storage Management (HSM) page on Wikipedia[1] has a list of software that (probably) does this.

In particular, at a former job of mine, we used Tivoli for backups. It did what you're stating (kept metadata about backups around even without the backups).

--
Best,
Ben

[1] http://en.wikipedia.org/wiki/Hierarchical_storage_management#Implementations
Re: feature request: "remote user is root, make remote owner is foo"
On Wed, Aug 11, 2010 at 01:32:42PM -0400, Brian Cuttler wrote:
[Set u+s on directories, don't worry about owners]

It seems to work relatively well. I get an error about not being able to chgrp the files owned by other users, and, in my case, the group ends up wrong because it's not supposed to be the same on both ends (www-data on destination, something else on source).

However, because of the former problem, at least the extant files stay readable until I can fix-up the group problem caused by the latter. If I further chown them to www-data, then they don't get their gid hosed the second time around.

Not an ideal solution, but seems workable for the time being.

Aside: chown really needs a flag that says "set GID on directories but nothing else". Right now I do this, which is the only right thing to do when filenames might contain anything, including whitespace or newlines:

    # bash function (uses "local"); the xargs flags are GNU xargs.
    # Usage: setperms COMMON_PERMS FILE_PERMS DIR_PERMS OWNER[:GROUP] DIR...
    setperms () {
        local perms="$1"
        local fileperm="$2"
        local dirperm="$3"
        local own="$4"
        local dir
        shift 4
        for dir in "$@"
        do
            if test -d "$dir"
            then
                # NUL-delimited names survive whitespace and newlines;
                # the trailing "--" stops chmod parsing names as options.
                find "$dir" -xdev -type d -print0 | xargs -0 --no-run-if-empty chmod "$perms","$dirperm" --
                find "$dir" -xdev -type f -print0 | xargs -0 --no-run-if-empty chmod "$perms","$fileperm" --
                chown -R -- "$own" "$dir"
            fi
        done
    }

    setperms u=rwX,o=rX g=rwX g=rwxs owner:group /path/to/whatever

--
A Weapon of Mass Construction
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email j...@subspacefield.org to get blacklisted.
Re: HDB, a hard drive backup program
> Hey all, I'm writing a tool:
>
> http://www.subspacefield.org/security/hdb/

This is an interesting approach. I look forward to seeing the project develop. Thanks for the link.

--
This email is protected by LBackup
http://www.lbackup.org
Re: feature request: "remote user is root, make remote owner is foo"
On 08/11/10 13:18, travis+ml-rs...@subspacefield.org wrote:

> I often push files from my user account over SSH to my web server, and
> want them owned by www-user, which may not have a login shell, should
> never accept remote logins, and who may not have a ~/.ssh directory
> (and if it did, it would be under the wwwroot, ack!).

This is off-topic, but I don't see a reason for having the files owned by the www user. If anything, they should only be in the www group and only group-readable. That is, unless you really want the www user to be able to write to your files. Think about a vulnerability (in apache, for instance) which would give someone the ability to act as the www user. They would then be able to change all of your site content. There's an approach that's even tighter than this that requires ACLs.

> Currently I push as root and then do a chmod, but isn't there a better
> way? While I'm doing this, the files are temporarily unavailable, since
> they aren't readable by www-user as they exist on the local system.

I think Brian's solution is ideal. Use the setgid bit on your web directories.

-Steve Polyack
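A check for the layout recommended in this thread (setgid directories, content not owned by the web server account), as an added example that is not from any poster on the list. The function names are hypothetical, and the web server account is passed in as a name or numeric UID.

```shell
#!/bin/sh
# Added example: audit a web root against the advice in this thread.
# Matches are counted NUL-delimited (find -print0, as in the setperms
# function posted on the list) so a file name containing a newline is
# still counted exactly once.

count0() {
    tr -dc '\000' | wc -c | tr -d ' '
}

# Directories without the setgid bit. Files created in such a directory
# take the creating user's group instead of the directory's group.
dirs_missing_setgid() {          # usage: dirs_missing_setgid ROOT
    find "$1" -xdev -type d ! -perm -2000 -print0 | count0
}

# Entries owned by the web server account. A process running as that
# account could rewrite or re-permission these.
owned_by_account() {             # usage: owned_by_account ROOT ACCOUNT
    find "$1" -xdev -user "$2" -print0 | count0
}

# Entries writable by "other" (symlink modes are not meaningful).
world_writable() {               # usage: world_writable ROOT
    find "$1" -xdev ! -type l -perm -0002 -print0 | count0
}

# Print a summary; return 0 only when all three counts are zero.
audit_webroot() {                # usage: audit_webroot ROOT ACCOUNT
    d=$(dirs_missing_setgid "$1")
    o=$(owned_by_account "$1" "$2")
    w=$(world_writable "$1")
    printf 'directories without setgid: %s\n' "$d"
    printf 'entries owned by %s: %s\n' "$2" "$o"
    printf 'world-writable entries: %s\n' "$w"
    [ "$d" -eq 0 ] && [ "$o" -eq 0 ] && [ "$w" -eq 0 ]
}

# Run as a script: sh audit.sh /path/to/webroot ACCOUNT
if [ "$#" -eq 2 ]; then
    audit_webroot "$1" "$2"
fi
```
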
Re: feature request: "remote user is root, make remote owner is foo"
On Wed, Aug 11, 2010 at 01:34:44PM -0400, Brian Cuttler wrote:

> As a matter of principle, SOP, we don't like to ssh/rsync as root
> and generally don't allow root ssh/rsync into a box. Better/safer
> to move the security stuff to a lower powered user if you can.

I'm familiar with the argument. Let me give you my take on it:

http://www.subspacefield.org/security/security_concepts/index.html#tth_sEc11.9.9

Downside: Direct root logins make accountability harder - you have only the source IP to go on.

Upside: You can back up the entire [file] system remotely. You can rsync stuff owned by users without valid login shells or authorized_keys.

For me, I'm the only root user, and only allow key-based logins, so there's no downside.

I'll look into your SGID directory idea for group ownership.

PS: rsync kinda assumes when doing --preserve-uids that UIDs (or maybe it was user names) map. When they don't exist on target system, you either get "owned by destination user" (no --preserve-uids), or "owned by wrong user", both of which have drawbacks. It'd be nice to have a way to map users, but not a must-have.

--
A Weapon of Mass Construction
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email j...@subspacefield.org to get blacklisted.
Re: feature request: "remote user is root, make remote owner is foo"
Travis,

We also use rsync to push our files. While there are several users with the ability to do the push, the files on the webserver host are set with su-gid bit set. No matter which of our web people push the files to the visible server the files all move to a consistent groupship that allows the other users to replace them later.

You may do something similar with your setup, the webserver group being in the same group as your webmaster(s)', at least on the receiving end of things.

Our files on webserver are 775 and directories 1775 and we are less concerned about the owner of the file than the group of the file.

YMMV

Brian

On Wed, Aug 11, 2010 at 10:18:11AM -0700, travis+ml-rs...@subspacefield.org wrote:

> I often push files from my user account over SSH to my web server, and
> want them owned by www-user, which may not have a login shell, should
> never accept remote logins, and who may not have a ~/.ssh directory
> (and if it did, it would be under the wwwroot, ack!).
>
> Currently I push as root and then do a chmod, but isn't there a better
> way? While I'm doing this, the files are temporarily unavailable, since
> they aren't readable by www-user as they exist on the local system.

---
   Brian R Cuttler                 brian.cutt...@wadsworth.org
   Computer Systems Support        (v) 518 486-1697
   Wadsworth Center                (f) 518 473-6384
   NYS Department of Health        Help Desk 518 473-0773
Re: feature request: "remote user is root, make remote owner is foo"
Travis,

As a matter of principle, SOP, we don't like to ssh/rsync as root and generally don't allow root ssh/rsync into a box. Better/safer to move the security stuff to a lower powered user if you can.

On Wed, Aug 11, 2010 at 10:18:11AM -0700, travis+ml-rs...@subspacefield.org wrote:

> I often push files from my user account over SSH to my web server, and
> want them owned by www-user, which may not have a login shell, should
> never accept remote logins, and who may not have a ~/.ssh directory
> (and if it did, it would be under the wwwroot, ack!).
>
> Currently I push as root and then do a chmod, but isn't there a better
> way? While I'm doing this, the files are temporarily unavailable, since
> they aren't readable by www-user as they exist on the local system.

---
   Brian R Cuttler                 brian.cutt...@wadsworth.org
   Computer Systems Support        (v) 518 486-1697
   Wadsworth Center                (f) 518 473-6384
   NYS Department of Health        Help Desk 518 473-0773
feature request: "remote user is root, make remote owner is foo"
I often push files from my user account over SSH to my web server, and want them owned by www-user, which may not have a login shell, should never accept remote logins, and who may not have a ~/.ssh directory (and if it did, it would be under the wwwroot, ack!).

Currently I push as root and then do a chmod, but isn't there a better way? While I'm doing this, the files are temporarily unavailable, since they aren't readable by www-user as they exist on the local system.

--
A Weapon of Mass Construction
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email j...@subspacefield.org to get blacklisted.
HDB, a hard drive backup program
Hey all, I'm writing a tool:

http://www.subspacefield.org/security/hdb/

It is very similar in some ways to rsync, except it's meant for backing up locally to removable HDDs, and it keeps metadata around when the HDD is removed.

I figured I'd ping people here to see if they are interested in participating in the brainstorming sessions. I figure you know a lot more than me about this kind of stuff.

--
A Weapon of Mass Construction
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email j...@subspacefield.org to get blacklisted.
Scripting rsync against a filesystem with a quota
Hello,

I have a couple of questions about using rsync scriptographically. I've looked around and can't find anything. I must be missing something obvious.

I'm trying to write a script that will synchronise various local folders on a Mac OS X Workstation to an SMB mounted Windows (2003, mostly) Server where the user I'm copying as has a quota applied.

I want to compare the available space I have, which I can find with:

    df /Volumes/$USER | grep % | awk -F'[ ] ' '{ print $4 }'

Against the amount of data that rsync thinks it is going to copy.

What I'm after is the most efficient way of finding out how much data rsync wants to copy, dying (relatively) gracefully should it be within X of the quota (say, 10MB or so).

At the moment I can use the same rsync command I'd run to do the copy but with the -n option:

    rsync -a -u -z -E -r -l -n --progress /path/to/src /Volumes/path/to/dest/ | grep "total size is" | awk -F'[ ]' '{ print $4 }'

to do a dry-run to grep and cut a number from rsync's output. The only thing is that this might take a while if there are very many files and potentially there are hundreds of thousands. I'd then have to go and run the same command all over again should the data fit, this time without the -n option. I also feel that my units may be rather disparate (i.e. df's output isn't the same unit sizes as rsync's).

I'm sure there must be a better way than running rsync twice.

On another note I'm getting an error:

    copyfile(.._..v6AxMh,./., COPYFILE_UNPACK) failed:13

When trying to run with -E. The consensus seems to be that it's a permissions issue (which I'll investigate later).

Thoughts?

Many thanks,

~W
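One way to put the two numbers from the question above into the same unit (bytes), as an added example that is not from the original post. It assumes `rsync -n --stats` output with a "Total transferred file size" line and POSIX `df -Pk`; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare what rsync would send with the free space that
# df reports for the destination, both expressed in bytes.

# Constructed sample input (not captured from a real run).
SAMPLE_STATS='Number of files: 3
Total file size: 52,428,800 bytes
Total transferred file size: 5,242,880 bytes'
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
//w@server/home share 102400 92160 10240 90% /Volumes/w'

# Read `rsync -n --stats` output on stdin, print the bytes to be sent.
# "total size is" covers every file in the set; this line covers only
# the files that need updating. Digit grouping (1,234) is stripped.
stats_transfer_bytes() {
    awk -F': *' '/^Total transferred file size:/ {
        n = $2
        sub(/ bytes.*/, "", n)
        gsub(/[^0-9]/, "", n)
        print n; found = 1; exit
    } END { if (!found) exit 1 }'
}

# Read `df -Pk` output on stdin, print the available bytes. The field
# before the NN% capacity column is used, so a share name containing
# spaces does not shift the result.
df_avail_bytes_from() {
    awk 'NR == 2 { for (i = 2; i <= NF; i++) if ($i ~ /^[0-9]+%$/) {
        printf "%.0f\n", $(i - 1) * 1024; exit } }'
}

df_avail_bytes() {               # usage: df_avail_bytes PATH
    df -Pk "$1" | df_avail_bytes_from
}

# Return 0 when NEED plus MARGIN fits in AVAIL (all in bytes). awk does
# the arithmetic so large values do not overflow the shell.
fits_with_margin() {             # usage: fits_with_margin NEED AVAIL MARGIN
    awk -v n="$1" -v a="$2" -v m="$3" 'BEGIN { exit !(n + m <= a) }'
}

# Dry run, then compare. The margin defaults to 10 MiB (10485760 bytes).
preflight_sync() {               # usage: preflight_sync SRC DEST [MARGIN]
    need=$(rsync -a -u -n --stats "$1" "$2" | stats_transfer_bytes) || return 2
    avail=$(df_avail_bytes "$2") || return 2
    fits_with_margin "$need" "$avail" "${3:-10485760}"
}

# Run as a script: sh preflight.sh /path/to/src /Volumes/path/to/dest/
if [ "$#" -ge 2 ]; then
    preflight_sync "$@"
fi
```
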