running rsync daemon as unprivileged

Matt McCutchen matt at mattmccutchen.net
Sat Aug 30 16:58:10 GMT 2008


On Sat, 2008-08-30 at 18:23 +0200, Keld Jørn Simonsen wrote:
> I run a mirror service where for gentoo I run rsync as a daemon.
> Currently the daemon runs as root to get the 873 port opened.
> And when transfers then run, they run as nobody.
> 
> I would like the rsync daemon to connect to 873 (as root)
> then possibly do a chroot and then run always as something else
> than root (maybe nobody).
> 
> Is this advisable? Is it possible?

The only time that the rsync daemon supports chrooting and changing
uid/gid is each time it accepts a client connection.  If you want the
daemon to listen on port 873 without the master daemon process running
as root, you could have the daemon listen on an unprivileged port and
run a port forwarding program (such as ssh) as root to forward
connections from port 873 to the daemon's port.  If you want the master
process to be chrooted, you'll have to chroot before starting it.

Matt
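
An added example, not part of the original message and not code from the rsync project: a shell function that reads an rsyncd.conf on stdin and lists the settings that depend on the master process running as root, which is the constraint the reply above describes. The sample config, module name and path are constructed for illustration.

```shell
# Added example: list rsyncd.conf settings that need a root master process.
audit_rsyncd_conf() {
    awk '
    function flag(msg) { printf "%s: %s\n", section, msg; bad = 1 }
    BEGIN { section = "global" }
    /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
    /^[ \t]*\[/ { section = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", section); next }
    {
        eq = index($0, "=")    # only the first "=" separates name and value
        if (eq == 0) next
        # Normalise the name: lower-case it and drop all whitespace.
        name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (name == "port") {
            seen_port = 1
            if (val + 0 < 1024)
                flag("port " val " is privileged; binding it needs root")
        } else if (name == "usechroot" && tolower(val) ~ /^(yes|true|1)$/)
            flag("use chroot = " val " needs a root master process")
        else if (name == "uid" || name == "gid")
            flag(name " = " val " is only applied when the daemon runs as root")
    }
    END {
        if (!seen_port) { section = "global"; flag("no port set; the default 873 is privileged (unless --port is given)") }
        exit bad + 0           # status 1 when anything was flagged
    }
    '
}

# Constructed sample: a mirror config still written for a root master.
sample_conf() {
    cat <<'EOF'
# rsyncd.conf (constructed sample)
port = 873
[gentoo-portage]
    path = /srv/mirror/gentoo-portage
    Use Chroot = yes
    uid = nobody
    read only = yes
EOF
}

sample_conf | audit_rsyncd_conf || true
```

An unset `use chroot` is not flagged; what rsync does by default there depends on the version, so set it explicitly when the master does not run as root.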