It can push or pull. The important part is that it runs as root on one end and with --fake-super on the other end.

On 08/17/13 00:07, Sherin A wrote:
> On Thursday 15 August 2013 01:25 AM, Kevin Korb wrote:
> It works if you use --fake-super on the side that isn't super. That is the
> only side that needs it:
>
> asylum# id kmk
> uid=12313(kmk) gid=100(users) groups=100(users),10(wheel),16(cron),35(games)
> asylum# ls -l ~kmk/testfile
> -rw-r----- 1 kmk users 0 Aug 14 15:47 /home/kmk/testfile
> asylum# ssh backups@psychosis id
> uid=12317(backups) gid=12317(backups) groups=12317(backups)
> asylum# rsync -vai --rsync-path="/usr/bin/rsync --fake-super" ~kmk/testfile backups@psychosis:
> sending incremental file list
> <f+++++++++ testfile
>
> sent 84 bytes received 31 bytes 230.00 bytes/sec
> total size is 0 speedup is 0.00
> asylum# ssh backups@psychosis ls -l testfile
> -rw-r----- 1 backups backups 0 Aug 14 15:47 testfile
> asylum# ssh backups@psychosis getfattr testfile
> # file: testfile
> user.rsync.%stat
>
> asylum# ssh backups@psychosis getfattr -n user.rsync.%stat testfile
> # file: testfile
> user.rsync.%stat="100640 0,0 12313:100"
>
> asylum# rsync -vai --rsync-path="/usr/bin/rsync --fake-super" backups@psychosis:testfile /tmp/
> receiving incremental file list
> >f+++++++++ testfile
>
> sent 30 bytes received 89 bytes 238.00 bytes/sec
> total size is 0 speedup is 0.00
> asylum# ls -l /tmp/testfile
> -rw-r----- 1 kmk users 0 Aug 14 15:47 /tmp/testfile
>
> The file gets stored in the backup as the backups user but with a
> tag saying it is really supposed to be owned by kmk. When I
> restore it it comes back owned by user kmk.
>
> On 08/14/13 15:20, Sherin A wrote:
>>>> On Wednesday 14 August 2013 11:04 PM, Kevin Korb wrote:
>>>> The point of --fake-super is that when you restore the file with
>>>> --fake-super it will restore with the original ownership. Of
>>>> course that means that the restore has to be run with super
>>>> privs on the target and --fake-super on the source.
>>>>
>>>>> This doesn't work on remote stores. It doesn't restore
>>>>> the ownerships.
>>>>
>>>> On 08/14/13 13:30, Sherin A wrote:
>>>>>>> On Wednesday 14 August 2013 10:25 PM, Kevin Korb wrote:
>>>>>>>> As has been pointed out to you your problem is not
>>>>>>>> hard links. Your problem is the indiscriminate use of
>>>>>>>> a root operation (a chown) during the restoration
>>>>>>>> process.
>>>>>>>>
>>>>>>>> You should be solving this by either: A) backing up
>>>>>>>> and restoring the original owner of the files
>>>>>>>> (directly or via --fake-super)
>>>>>>> This won't work,
>>>>>>>
>>>>>>> root@source [~]# id dom2inho
>>>>>>> uid=507(dom2inho) gid=508(dom2inho) groups=508(dom2inho)
>>>>>>> root@source[~]# rsync -avp -e 'ssh ' --fake-super /home/dom2inho backup@10.0.0.10:/home/backup/
>>>>>>> In storage server,
>>>>>>> [root@dest dom2inho]# id backup
>>>>>>> uid=505(backup) gid=506(backup) groups=506(backup)
>>>>>>> [root@dest dom2inho]# pwd
>>>>>>> /home/backup/dom2inho
>>>>>>> [root@dest dom2inho]# ll -d /home/backup/dom2inho/shadow
>>>>>>> --w------- 1 backup backup 1344 Aug 13 12:52 /home/backup/dom2inho/shadow => not preserving uids or gids
>>>>>>> [root@da dom2inho]#
>>>>>>>
>>>>>>> If I am doing something wrong please let me know.
>>>>>>>
>>>>>>>> B) backing up each user's files and only their
>>>>>>>> files.
>>>>>>> I don't see an option in the rsync man to copy only
>>>>>>> each user's files, can you please point me to that
>>>>>>> option
>>>>>>>
>>>>>>> Thanking you for your valuable time and help.
>>>>>>>
>
> So, it needs to be a pull type rsync with an unprivileged user? It
> was not a permanent solution always. Maybe it is the time to
> present this POC to other forums. There will be a big issue with
> hundreds of servers and applications that use rsync and can be
> exploited using the POC.
>

-- 
	Kevin Korb			Phone:    (407) 252-6853
	Systems Administrator		Internet:
	FutureQuest, Inc.		ke...@futurequest.net  (work)
	Orlando, Florida		k...@sanitarium.net (personal)
	Web page:			http://www.sanitarium.net/
	PGP public key available on web site.
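The user.rsync.%stat value shown in the quoted session can be decoded to check which backed-up files actually carry their original ownership. The following is an added example, not part of the original thread or of rsync itself. It assumes the field layout "octal mode, device major,minor, uid:gid" as it appears in the quoted value; the function names and the sample dump are constructed for illustration.

```python
import re
import stat

ATTR = "user.rsync.%stat"
# Assumed layout, matching the value quoted in the thread:
# "<octal mode> <dev major>,<dev minor> <uid>:<gid>"
STAT_RE = re.compile(r"^([0-7]+) (\d+),(\d+) (\d+):(\d+)$")

def parse_fake_super_stat(value):
    """Decode one user.rsync.%stat value into the ownership it records."""
    m = STAT_RE.match(value)
    if m is None:
        raise ValueError(f"unexpected {ATTR} value: {value!r}")
    mode = int(m.group(1), 8)
    return {
        "mode": stat.filemode(mode),  # ls-style permission string
        "rdev": (int(m.group(2)), int(m.group(3))),
        "uid": int(m.group(4)),
        "gid": int(m.group(5)),
    }

def audit_dump(dump, expected_paths):
    """Return (recorded, missing) for expected paths given `getfattr -d` text."""
    recorded, current = {}, None
    for line in dump.splitlines():
        if line.startswith("# file: "):
            current = line[len("# file: "):]
        elif current and line.startswith(ATTR + "="):
            value = line.split("=", 1)[1].strip('"')
            recorded[current] = parse_fake_super_stat(value)
    missing = [p for p in expected_paths if p not in recorded]
    return recorded, missing

# Constructed sample dump. The testfile value is the one quoted in the thread;
# dom2inho/shadow is expected in the backup but carries no attribute.
SAMPLE_DUMP = """\
# file: testfile
user.rsync.%stat="100640 0,0 12313:100"
"""
EXPECTED = ["testfile", "dom2inho/shadow"]

if __name__ == "__main__":
    recorded, missing = audit_dump(SAMPLE_DUMP, EXPECTED)
    for path, st in recorded.items():
        print(f"{path}: {st['mode']} uid={st['uid']} gid={st['gid']}")
    for path in missing:
        print(f"{path}: no {ATTR}; original owner not recorded")
```

A file reported as missing has no recorded owner for a later root-side restore to apply. The dump can be produced on the backup host with getfattr -R -d over the backup directory.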