uid/gid settings in rsyncd.conf not respected?

Harry Mangalam harry.mangalam at uci.edu
Fri Feb 13 05:23:38 GMT 2009


Hi All,

I must not understand the uid/gid line in rsyncd.conf.  If someone 
could briefly point out where I've gone wrong, I'd appreciate it.

I've created a special user to backup a server which has some users 
who don't want all their files backed up, so I'm trying to address 
their concerns by using the uid= and gid= lines in rsyncd.conf to 
have the rsyncd run with 'uid=backuppc' and 'gid=backuppc' privs, set 
in the global section.  Then I add backuppc to the appropriate group 
in /etc/group as below.

In this way, rsync will have read permissions only for those users who 
have made their files g+rX and who have agreed to have the backuppc 
user added to their group in /etc/group.

i.e., 'minas' is a user who has his /home/dir set as 
drwxr-x--- 39 minas minas 4096 2009-02-06 23:01 /home/minas

I've tried to address this by setting his /etc/group line as:

minas:x:1000:backuppc

expecting that since 'backuppc' is now a member of the 'minas' group, 
rsync running with 'backuppc' privs can read the files 'minas' user 
allows the 'minas' group to read.  This change allows the 'backuppc' 
user to read those files from the shell.

However, this does not work for the backup (rsyncd refuses to read the 
files), with an entry in /var/log/rsyncd.log:

auth failed on module svn from nnn.nnn.nnn.nnn (xxx.xxx.xxx.xxx): unauthorized user.

It /does/ work if I have the uid/gid lines set to 'root' or 
to 'minas', but in that case ALL his files get backed up, which is 
not what he wants.  

The relevant parts of the rsyncd.conf file:

# GLOBAL OPTIONS
log file=/var/log/rsyncd
pid file=/var/run/rsyncd.pid
auth users = [deleted]
uid = backuppc
gid = backuppc
secrets file = /etc/rsyncd.secrets
dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz *.exe
max verbosity=2

# MODULE OPTIONS

[home]
        comment = /home dir for []
        path = /home
        use chroot = no
        max connections=1
        lock file = /var/lock/rsyncd
        read only = yes
        list = yes
        exclude from = /etc/rsyncd.exclude
        strict modes = yes
        hosts deny = *
        hosts allow = [deleted]
        ignore errors = no
        ignore nonreadable = yes
        transfer logging = yes
        timeout = 600
        refuse options = checksum dry-run
        dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz


-- 
Harry Mangalam - Research Computing, NACS, E2148, Engineering Gateway, 
UC Irvine 92697  949 824-0084(o), 949 285-4487(c)
---
Good judgment comes from experience; 
Experience comes from bad judgment. [F. Brooks.]
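
Added example (not part of the original post, and not rsync's own code): a model of the group-permission check the post relies on, comparing a process that carries backuppc's supplementary groups from /etc/group with one that holds only its primary gid. The numeric ids for backuppc and the extra group lines are constructed; whether a given rsyncd loads supplementary groups after switching to uid/gid is not stated in the post.

```python
import stat

# Constructed sample; only the minas line and the directory mode come from the post.
GROUP_FILE = """\
minas:x:1000:backuppc
backuppc:x:1001:
staff:x:50:alice
"""
# Hypothetical numeric ids for backuppc (not given in the post).
BACKUPPC_UID, BACKUPPC_GID = 1001, 1001
HOME_MINAS = {"uid": 1000, "gid": 1000, "mode": 0o750}  # drwxr-x--- minas minas


def supplementary_gids(user, group_text):
    """Return the gids whose /etc/group member list names `user`."""
    gids = set()
    for line in group_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        _name, _pw, gid, members = line.split(":", 3)
        if user in [m for m in members.split(",") if m]:
            gids.add(int(gid))
    return gids


def can_read_dir(entry, uid, gid, groups):
    """POSIX class selection: owner, else group, else other; needs r and x."""
    if uid == 0:  # root bypasses the mode bits
        return True
    if uid == entry["uid"]:
        need = stat.S_IRUSR | stat.S_IXUSR
    elif entry["gid"] == gid or entry["gid"] in groups:
        need = stat.S_IRGRP | stat.S_IXGRP
    else:
        need = stat.S_IROTH | stat.S_IXOTH
    return (entry["mode"] & need) == need


def compare():
    """Access with the full /etc/group set vs. only the primary gid."""
    full = supplementary_gids("backuppc", GROUP_FILE)
    return {
        "login_shell": can_read_dir(HOME_MINAS, BACKUPPC_UID, BACKUPPC_GID, full),
        "primary_gid_only": can_read_dir(HOME_MINAS, BACKUPPC_UID, BACKUPPC_GID, set()),
    }


if __name__ == "__main__":
    print(compare())
```

On a live host, the group set a running daemon process actually holds is the `Groups:` line of `/proc/<pid>/status`, which is what the kernel checks rather than /etc/group.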

