rsync and permissions

Wayne Davison wayned at
Tue Jul 6 04:38:00 GMT 2004

On Mon, Jul 05, 2004 at 01:53:44PM +0200, Christian Frabel wrote:
> We use a rsync server on the distant machine and we connect from the
> local one using ssh.

If you're using ssh you aren't talking to the rsync server (unless
you're only using as a tunnel).  The rsync server only listens for
direct connections.

> All works fine except that I am unable to set a global 
> "strategy" on permissions, i.e. what user rsync had to use to get all 
> the distant files. Have I to connect as root?

You'll need to be root on the machine receiving the files in order to
create them as different users, but you don't need to be root on the
sending system -- you just need enough permissions to be able to read
all the files (e.g. group access is fine, if that is possible).  The
ssh command can log into the remote machine using any user, so you
could run a pull command (as root) like this:

rsync -av user at /backup

This would log into as "user" -- as long as "user" was able
to read all the files you wanted to backup, you'd be fine.

If you end up needing root access to read everything that you want to
backup, you may wish to enable a read-only rsync daemon that is running
as root (possibly chrooted).  You can set it up to be password protected
and to only allow connections from localhost, which would let you use
ssh to tunnel a daemon connection.  See the ssh docs for the tunnel
syntax and the rsync docs for the "::" syntax (avoid -e/--rsh too).


More information about the rsync mailing list