How to specify "--link-dest" on server (rsyncd.conf)?

Carl E. Thompson lists-rsync at carlthompson.net
Tue Apr 29 23:22:30 GMT 2008 

Thank you for your response.

Currently backups are implemented via rsync and I don't want to add
rsnapshot to the mix and have to reconfigure everything on the clients
and server. Moreover from what I've read rsnapshot seems very similar
from what I've already implemented and I believe suffers the same
vulnerability to compromised / malicious clients where the all of the
snapshots can be compromised by exploiting permission / owner / group
problem. That is what I am trying to avoid so I'm not sure that using
rsnapshot helps me.

The system I have already implemented is very similar that described in
the post you pointed out. However, I missed the patch described in that
post in my initial search. That patch adds the "--tweak" , "--no-tweak"
, and "--no-tweak-hlinked" options which do exactly what I need. After
giving it considerable thought it's my opinion that adding new options
is not needed; the "--no-tweak" behavior should be the default for rsync
and the "--tweak" behavior (which is currently the default) should only
happen if the "--inplace" option is specified. The current behavior is
inconsistent; these types of changes are made in place regardless of
whether the "--inplace" option is specified. IMHO no changes should be
made in place unless "--inplace" is specified.

I believe the impact of changing rsync's default behavior in this way
would be a net positive. There are many, many backup solutions that I've
seen out there that use rsync and hard links that would benefit from
increased resistance to malicious attacks and errors in configuration. I
think the value of ensuring the integrity of the backups is worth a very
small cost in performance and backup size. I can think of no use cases
where modifying the default behavior in this way would cause any
negative issues.

Opinions? Am I overstepping my bounds by making such a suggestion?

Thank you,
Carl Thompson


hh.eu at gmx.de wrote:
> I didn't read all of your post, to be honest, so forgive me if this does
> not help, but are you aware of rsnapshot <http://www.rsnapshot.org/> ?
> It is very nice for snapshots and uses rsync 'behind the scenes'.
>
> Search the list archives for info on this. In particular, this post
> <http://lists.samba.org/archive/rsync/2007-December/019470.html> comes
> to my mind which deals with a situation similar to yours (if I haven't
> misread your description): rsync daemon on server, no changes on  
> clients,
> clients "push" backups to server, server handles snapshots.
>
> -Moritz
>
> Am 20.04.2008 um 19:02 schrieb Carl E. Thompson:
>
>   
>> Hello,
>>
>>     This is my first post to the list.
>>
>>     Is it possible to specify the --link-dest option server-side in  
>> the
>> rsyncd.conf file? What I'd like to do is implement incremental  
>> snapshot
>> backups without having to change the clients which all just do regular
>> dumps to the rsync server. I'd like to specifiy this option on the
>> server rather than on the client because I don't want to have to  
>> change
>> all of the clients and don't want to trust that all of the clients are
>> configured correctly. So in essence I'd like the clients to think
>> they're doing a regular backup to a "write-only" module in whatever  
>> way
>> they see fit but I'll have script magic on the server that makes it an
>> incremental snapshot. I can accomplish this imperfectly by using  
>> the "cp
>> -al" hard link method but this is vulnerable to permission / owner /
>> group problems that could easily compromise all of the snapshots. It
>> seems to me the easiest way to do this would be if it were possible to
>> specify the "--link-dest" option on the server side in the module
>> configuration in the rsyncd.conf file. This would either override the
>> option if specified on the client or error out.
>>
>>     Alternatively and best of all I could accomplish the same thing  
>> with
>> the "cp -al" method if there were an option to tell the server that
>> permission / owner / group / other changes are never to be performed
>> directly on an existing file but that a new file is always created via
>> local copy and moved into place (such an option would of course  
>> conflict
>> with options like "--inplace"). This would be a valuable option to  
>> have
>> because it could help guarantee for a paranoid administrator that
>> previously backed up and hard linked files won't be modified by  
>> rsync in
>> case of a configuration error or malicious client.
>>
>>      If there is no way to do either of these things with current
>> versions of rsync how would I go about requesting this feature for a
>> subsequent version?
>>
>> Thank you very much,
>> Carl Thompson
>>
>> -- 
>> Please use reply-all for most replies to avoid omitting the mailing  
>> list.
>> To unsubscribe or change options: https://lists.samba.org/mailman/ 
>> listinfo/rsync
>> Before posting, read: http://www.catb.org/~esr/faqs/smart- 
>> questions.html
>>     
>
>
>   
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the rsync mailing list