Backing up individual user home dirs using user privs.
Bill Uhl
bill at greenlightnet.com
Fri Oct 6 12:13:17 GMT 2006
Michael,
I do something similar with my rsync server as follows.
- Run rsync in daemon mode on the server as root. Globals looks like this...
#### Globals
motd file = /etc/rsyncd/motd
log file = /var/log/rsync.log
transfer logging = yes
address = 127.0.0.1
pid file = /var/run/rsyncd.pid
# defaults - override in modules as needed
max connections = 4
secrets file = /etc/rsyncd/rsyncd.secrets
strict modes = true
read only = false
timeout = 900
- Create a module for each user in the rsyncd.conf file similar to this...
[test]
# replicating files from user test
comment = test client setup
path = /home/test
use chroot = true
max connections = 2
lock file = /var/lock/rsyncd/test.lock
list = false
uid = 503
gid = 503
auth users = test
incoming chmod = Dg=s,Dug=rwx,Do-rwx,Fug=rw,Fo-rwx
In this case, username is test with uid=503 and gid=503. Each user
connects to the rsync server as themselves and has access only to their
own personal subtree. With chroot=true, you can create a ~/etc with
localtime to fix the logging - search list for details. You can point
the uploads to go to a subdir such as ~/desktop to prevent collisions
and to use history if you want. I use subtrees ~/current and ~/history
to maintain versions, but they add up fast. You might want to use
excludes to block various large files.
If the only thing your rsyncd is doing is this kind of backup, you can
pull some of the module statements into the global section to slim down
each module. Unfortunately, you still end up with a module per user,
which can create a large rsyncd.conf.
The modules can be created and appended by script if needed. Also, you
will need to set up an rsync password for each user and if you are
replicating over a public network, I would recommend that you use ssh
keys for connecting, instead of ssh password. I run sshd on the server
and port forward to the rsync port. rsyncd is set to only listen to the
loopback interface. Each user also has a ~/.ssh dir with an
authorized_keys file.
On the client side, I have a script that invokes plink (from putty) to
open a connection and port forward to the rsync port using the user's
ssh key. Then I open a direct rsync connection to the daemon via the
open tunnel. Takes a little process coordination, but it works for me.
The script is invoked by the windows scheduler.
You mentioned samba in your message. Have you looked at samba with
roaming profiles?
Also, see list re: incoming chmod - I came across a problem that
required patches and the latest stable rsync, not the last release. The
patches are already folded into the latest stable available for
download, I'm pretty sure.
Good Luck
Bill Uhl
GreenLight Networks, LLC
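
One way to script the per-user modules mentioned in the post, following the shape of its [test] module. This is an added example, not part of the original message. The function names, the MIN_UID cutoff of 500, the allowed name characters and the rule that a home directory must be /home/NAME are assumptions.

```shell
#!/bin/sh
# Added example: emit rsyncd.conf modules shaped like the [test] module above.
# Assumptions (not from the post): MIN_UID, function names, home = /home/NAME.
MIN_UID=${MIN_UID:-500}

# gen_module NAME UID GID HOME: print one module stanza, or return 1.
gen_module() {
    name=$1 uid=$2 gid=$3 home=$4
    # The name lands inside [brackets], a lock file path and "auth users".
    # Accept only a conservative character set so an odd account name
    # cannot add directives or escape the lock directory.
    case $name in
        ''|*[!a-z0-9_-]*) echo "skip: bad name '$name'" >&2; return 1 ;;
    esac
    case $uid in ''|*[!0-9]*) return 1 ;; esac
    case $gid in ''|*[!0-9]*) return 1 ;; esac
    # Never emit a module that runs as root or as a system account.
    [ "$uid" -ge "$MIN_UID" ] || return 1
    # Keep each module confined to that user's own home directory.
    [ "$home" = "/home/$name" ] || return 1
    cat <<EOF
[$name]
comment = backup for $name
path = $home
use chroot = true
max connections = 2
lock file = /var/lock/rsyncd/$name.lock
list = false
uid = $uid
gid = $gid
auth users = $name
incoming chmod = Dg=s,Dug=rwx,Do-rwx,Fug=rw,Fo-rwx
EOF
}

# gen_all: read passwd-format lines on stdin, print stanzas for valid users.
gen_all() {
    while IFS=: read -r name pw uid gid gecos home shell; do
        gen_module "$name" "$uid" "$gid" "$home" || true
    done
}

# Constructed sample input (not real accounts); only "test" yields a module.
printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'test:x:503:503::/home/test:/bin/sh' | gen_all
```

Append the output to rsyncd.conf and add a matching name:password line to the secrets file. With strict modes = true, rsync refuses a secrets file that other users can read.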