uid/gid settings in rsyncd.conf not respected?
harry.mangalam at uci.edu
Fri Feb 13 05:23:38 GMT 2009
I must not understand the uid/gid line in rsyncd.conf. If someone
could briefly point out where I've gone wrong, I'd appreciate it.
I've created a special user to back up a server which has some users
who don't want all their files backed up, so I'm trying to address
their concerns by using the uid= and gid= lines in rsyncd.conf to
have the rsyncd run with 'uid=backuppc' and 'gid=backuppc' privs, set
in the global section. Then I add backuppc to the appropriate group
in /etc/group as below.
In this way, rsync will have read permissions only for those users who
have made their files g+rX and who have agreed to have the backuppc
user added to their group in /etc/group.
i.e. 'minas' is a user who has his /home/dir set as
drwxr-x--- 39 minas minas 4096 2009-02-06 23:01 /home/minas
I've tried to address this by setting his /etc/group line as:
expecting that since 'backuppc' is now a member of the 'minas' group,
rsync running with 'backuppc' privs can read the files 'minas' user
allows the 'minas' group to read. This change allows the 'backuppc'
user to read those files from the shell.
However, this does not work for the backup (rsyncd refuses to read the
files), with an entry in /var/log/rsyncd.log:
auth failed on module svn from nnn.nnn.nnn.nnn (
xxx.xxx.xxx.xxx): unauthorized user.
It /does/ work if I have the uid/gid lines set to 'root' or
to 'minas', but in that case ALL his files get backed up, which is
not what he wants.
The relevant parts of the rsyncd.conf file
# GLOBAL OPTIONS
auth users = [deleted]
uid = backuppc
gid = backuppc
secrets file = /etc/rsyncd.secrets
dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz
# MODULE OPTIONS
comment = /home dir for 
path = /home
use chroot = no
lock file = /var/lock/rsyncd
read only = yes
list = yes
exclude from = /etc/rsyncd.exclude
strict modes = yes
hosts deny = *
hosts allow = [deleted]
ignore errors = no
ignore nonreadable = yes
transfer logging = yes
timeout = 600
refuse options = checksum dry-run
dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2
Harry Mangalam - Research Computing, NACS, E2148, Engineering Gateway,
UC Irvine 92697 949 824-0084(o), 949 285-4487(c)
Good judgment comes from experience;
Experience comes from bad judgment. [F. Brooks.]
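
Added example, not part of the original post and not rsync's own code: a small model of the POSIX permission check for the /home/minas mode quoted above, comparing a process that holds backuppc's supplementary groups with one that holds only a single gid. The numeric IDs are constructed, and the daemon holding only the one gid named in rsyncd.conf is an assumption, not something the post establishes.

```python
import stat

# Constructed numeric IDs (assumptions; the post gives names only).
MINAS_UID, MINAS_GID = 1001, 1001
BACKUPPC_UID, BACKUPPC_GID = 1050, 1050

HOME_MINAS = "drwxr-x---"  # mode shown in the post for /home/minas

# A shell login for backuppc picks up every group listed for it in /etc/group.
shell_groups = {BACKUPPC_GID, MINAS_GID}
# Assumption: the daemon process holds only the single gid from rsyncd.conf.
daemon_groups = {BACKUPPC_GID}

def parse_mode(ls_mode):
    """Turn an ls -l mode string such as 'drwxr-x---' into permission bits."""
    flags = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
             stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
             stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
    bits = 0
    for ch, flag in zip(ls_mode[1:10], flags):
        if ch in "rwxst":  # upper-case S/T mean the execute bit is not set
            bits |= flag
    return bits

def granted(ls_mode, owner_uid, owner_gid, uid, gids):
    """Return the 'rwx' subset a non-root process gets.

    Exactly one permission class applies: owner, else group, else other.
    """
    bits = parse_mode(ls_mode)
    if uid == owner_uid:
        shift = 6
    elif owner_gid in gids:
        shift = 3
    else:
        shift = 0
    triple = (bits >> shift) & 0o7
    return "".join(c for c, b in zip("rwx", (4, 2, 1)) if triple & b)

def can_list_dir(ls_mode, owner_uid, owner_gid, uid, gids):
    """Listing a directory and descending into it needs both r and x."""
    perms = granted(ls_mode, owner_uid, owner_gid, uid, gids)
    return "r" in perms and "x" in perms

if __name__ == "__main__":
    for label, groups in (("shell", shell_groups), ("daemon", daemon_groups)):
        ok = can_list_dir(HOME_MINAS, MINAS_UID, MINAS_GID, BACKUPPC_UID, groups)
        print(f"{label}: groups={sorted(groups)} can read /home/minas: {ok}")
```

On Linux, the Groups: line in /proc/<pid>/status of the running daemon process shows which group set it actually holds.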