rsync daemon and secrets file

Hardy Merrill hmerrill at redhat.com
Tue Aug 26 02:49:36 EST 2003


After seeing another question answered today on the
same 'rsyncd.secrets' topic, I solved my problem -
I had more than one:

 1. in the /etc/rsyncd.conf file, I specified

        secrets file = /etc/rsync.secrets

    when the proper file was 'rsyncd.secrets'

 2. the one and only line I have in /etc/rsyncd.secrets
    does need an end-of-line character at the end.

after making those 2 changes, I do get the password
prompt on the client, and when I enter the password
correctly, the transfer completes correctly.

I also realized that the rsync client does not need to
have a system account corresponding to the rsync
server module name - the client can just specify the
module name as the user name, as in [USER@]HOST::DEST.
So, if the module name is 'test', and I either don't
have a account 'test' on the client, or I'm logged on
as a different account(not 'test') on the client,
then I can still do the transfer by specifying 'test@'
before the server hostname and module, like

  rsync -avv test at my.rsync_server.com::test-secret/one_secret /tmp/rsync_test_secret

Although 'man rsync' does "technically" describe this
in the CONNECTING TO AN RSYNC SERVER OVER A REMOTE SHELL
PROGRAM section with this command:

  rsync -av --rsh="ssh -l ssh-user" rsync-user at host::module[/path]
        local-path

IMHO, it would enhance user understanding to provide a
concrete EXAMPLE of this.  Also, it would help in
'man rsyncd.conf' not only to see an example of an
rsyncd.conf file, but also to see examples of the
different transfers that could be done with that
rsyncd.conf file.  I'm not criticizing - just mearly
noticing an area that given some attention, could
increase user understanding and decrease support.

-- 
Hardy Merrill
Red Hat, Inc.

Hardy Merrill [hmerrill at redhat.com] wrote:
> I'm trying to understand how to properly setup the
> /etc/rsyncd.conf file to run an rsync daemon with a
> secrets file specified in a module - the rsync.conf
> manpage does not spell it out clearly enough.
> 
> Rsync server is rsync-2.5.6.
> 
> If this is my /etc/rsyncd.conf file:
> ------------------------------------
> log file = /var/log/rsync
> uid = root
> gid = root
> [test]
>         uid = rsync1
>         gid = rsync1
>         path = /rsync_test
>         comment = Rsync Test - Comment
> [test-secret]
>         comment = Testing Secret Stuff
>         path = /rsync_test_secret
>         secrets file = /etc/rsync.secrets
>         auth users = joe
> 
> 
> And this is the /etc/rsyncd.secrets file:
> -----------------------------------------
> test:another_pw
> 
> 
> And permissions on the /etc/rsync* files:
> -----------------------------------------
> [root at merrill etc]# ls -l rsync*
> -rw-r-----    1 root     root          261 Aug 22 09:02 rsyncd.conf
> -rw-r-----    1 root     root            9 Aug 22 09:10 rsyncd.secrets
> 
> 
> And permissions on the /rsync_test_secret directory:
> ----------------------------------------------------
> drwxr-xr-x    3 rsync1   rsync1       4096 Jul 10 12:16 rsync_test
> drwxr-xr-x    3 root     root         4096 Aug 22 08:44 rsync_test_secret
> 
> 
> With those settings, a client logged on to a different
> machine in the same network, as user "test", connecting with
> 
>   rsync -avv my.rsync_server.com::test-secret/one_secret /tmp/rsync_test_secret
> 
> gets the 'password:' prompt, and then after entering
> password 'another_pw', gets this error:
> 
>   @ERROR: auth failed on module test-secret
> 
> and the /var/log/rsync log gets this error:
> 
>   2003/08/22 09:11:08 [3377] auth failed on module test-secret from my.rsync_server.com ([ip of client])
> 
> 
> What am I missing?
> 
> TIA.
> 
> -- 
> Hardy Merrill
> Red Hat, Inc.



More information about the rsync mailing list