How to prevent deletion of files on the client side?

Métras Pierre p.metras at onf.ca
Wed Jun 15 14:18:31 GMT 2005


I've a problem understanding the --delete option (well, I think I understand why it works that way but I miss how to make it work the way I want).

I want to use rsync to "mirror" two live Apache servers (I've tried to simplify my problem to a small example, but it's part of a bigger project). Regularly, the apache directory tree is rsynced from a master server to its slave mirror. It's not an exact mirror, as both sides have to keep some private files: SSL certificates, logs, configuration...
The rsync daemon is running on the master and the client pulls the files from the master.

On the master server, I defined the module [apache] in /etc/rsyncd.conf:
[apache]
        comment = Apache tree
        path = /usr/apache
        read only = true
        list = false
        uid = nobody
        gid = nobody
        auth users = webclone
        secrets file = /etc/rsyncd.passwd
        hosts allow = 192.168.241.0/24
        timeout = 600
        exclude from = /etc/rsyncd.exclude

I set up the /etc/rsyncd.exclude file to prevent transferring log files or system specific files (SSL certificates or passphrase):

- /logs/
- /conf/ssl*
- /conf/passphrase


Now, the mirror server pulls the apache module with the command:
rsync -avz --delete --delete-during rsync://websecure@sunray/apache/ /usr/apache/

The daemon runs as nobody on the server, and as the /conf/passphrase file is excluded from transfer, it does not try to access it. If it tries, I would have a permissions error as it is readable by root only.
But on the client side, I have to run as root to correctly set the permissions of the files rsynced. I suspect that the passphrase file is not transmitted in the files list to the client, as it is excluded on the server. But the --delete on the client side removes it. The client thinks it's an extra older file, because it does not appear in the transfer list and so removes it...

To keep it on the mirror, I have to exclude it again on the client side. So, I have to maintain two lists of exclusions: one on the daemon side, one on the clients.

Is it possible to keep only one list of exclusions on the server side or share it from both sides, and benefit from the --delete option to remove files only in the directories transferred?

I've tried various combinations, running the daemon as root and/or protecting the file in the exclude list, but none seems to work. To sum up, I want:
- To exclude the /conf/passphrase from the transfer on the server side.
- The daemon to notify the client not to delete this file.
- The client to delete all other files in directories transferred.
- Manage the exclusions only in one place.
The important point which seems not to be possible is the second point.

Or perhaps have a set uid on the client side to restrict the power of the --delete option?

Thanks if you can help me to keep a simple rsync configuration.

Pierre Métras
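
Added example, not part of the original post and not rsync's own code: a simplified Python model of the behaviour described above, in which daemon-side excludes shrink the sender's file list and the client's --delete then removes every local file missing from that list unless a client-side exclude covers it. The file trees and function names are constructed for illustration, and only anchored "- PATTERN" rules like the three in the post are modelled.

```python
import fnmatch

# Constructed copy of the three daemon-side rules quoted in the post.
DAEMON_EXCLUDES = "- /logs/\n- /conf/ssl*\n- /conf/passphrase\n"

def parse_rules(text):
    """Keep the pattern of every '- PATTERN' line (anchored excludes only)."""
    return [ln[2:].strip() for ln in text.splitlines() if ln.startswith("- ")]

def covered(path, rules):
    """True if a file path falls under a rule; an excluded directory hides its contents."""
    parts = path.strip("/").split("/")
    for rule in rules:
        pat = rule.strip("/").split("/")
        # A rule ending in '/' matches directories only, so the file must sit below it.
        if len(parts) < len(pat) or (rule.endswith("/") and len(parts) == len(pat)):
            continue
        if all(fnmatch.fnmatchcase(p, r) for p, r in zip(parts, pat)):
            return True
    return False

def sender_list(master_files, daemon_rules):
    """What the daemon offers: excluded paths never reach the client's file list."""
    return {f for f in master_files if not covered(f, daemon_rules)}

def deleted_by_client(client_files, sent, client_rules=()):
    """--delete removes local files missing from the sender's list, unless a
    client-side exclude covers them (and --delete-excluded is not given)."""
    return sorted(f for f in client_files
                  if f not in sent and not covered(f, client_rules))

# Constructed file trees, paths relative to the module root /usr/apache.
# The mirror holds its own private copies plus one stale page.
MASTER = ["/htdocs/index.html", "/conf/httpd.conf", "/conf/passphrase",
          "/conf/ssl.crt/server.crt", "/logs/access_log"]
MIRROR = MASTER + ["/htdocs/old.html"]

if __name__ == "__main__":
    rules = parse_rules(DAEMON_EXCLUDES)
    sent = sender_list(MASTER, rules)
    print("daemon excludes only :", deleted_by_client(MIRROR, sent))
    print("same rules on client :", deleted_by_client(MIRROR, sent, rules))
```

Against a real mirror, running the pull with rsync's -n (--dry-run) option lists the deletions without performing them.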

