Backing up individual user home dirs using user privs.

Bill Uhl bill at
Fri Oct 6 12:13:17 GMT 2006


I do something similar with my rsync server as follows.

- Run rsync in daemon mode on the server as root. Globals look like this...

####    Globals
        motd file = /etc/rsyncd/motd

        log file = /var/log/rsync.log
        transfer logging = yes

        address =
        pid file = /var/run/

#       defaults - override in modules as needed
        max connections = 4
        secrets file = /etc/rsyncd/rsyncd.secrets
        strict modes = true
        read only = false
        timeout = 900

- Create a module for each user in the rsyncd.conf file similar to this...

#       replicating files from user test
        comment = test client setup
        path = /home/test
        use chroot = true
        max connections = 2
        lock file = /var/lock/rsyncd/test.lock
        list = false
        uid = 503
        gid = 503
        auth users = test
        incoming chmod = Dg=s,Dug=rwx,Do-rwx,Fug=rw,Fo-rwx

In this case, username is test with uid=503 and gid=503. Each user 
connects to the rsync server as themselves and has access only to their 
own personal subtree. With chroot=true, you can create a ~/etc with 
localtime to fix the logging - search list for details. You can point 
the uploads to go to a subdir such as ~/desktop to prevent collisions 
and to use history if you want. I use subtrees ~/current and ~/history 
to maintain versions, but they add up fast. You might want to use 
excludes to block various large files.

If the only thing your rsyncd is doing is this kind of backup, you can 
pull some of the module statements into the global section to slim down 
each module. Unfortunately, you still end up with a module per user, 
which can create a large rsyncd.conf.

The modules can be created and appended by script if needed. Also, you 
will need to set up an rsync password for each user, and if you are 
replicating over a public network, I would recommend that you use ssh 
keys for connecting, instead of an ssh password. I run sshd on the server 
and port forward to the rsync port. rsyncd is set to only listen to the 
loopback interface. Each user also has a ~/.ssh dir with an 
authorized_keys file.

On the client side, I have a script that invokes plink (from PuTTY) to 
open a connection and port forward to the rsync port using the user's 
ssh key. Then I open a direct rsync connection to the daemon via the 
open tunnel. Takes a little process coordination, but it works for me. 
The script is invoked by the Windows scheduler.

You mentioned Samba in your message. Have you looked at Samba with 
roaming profiles?

Also, see list re: incoming chmod - I came across a problem that 
required patches and the latest stable rsync, not the last release. The 
patches are already folded into the latest stable available for 
download, I'm pretty sure.

Good Luck
Bill Uhl
GreenLight Networks, LLC
