uid/gid settings in rsyncd.conf not respected?
matt at mattmccutchen.net
Sun Feb 15 01:53:22 GMT 2009
On Thu, 2009-02-12 at 21:23 -0800, Harry Mangalam wrote:
> I've created a special user to backup a server which has some users
> who don't want all their files backed up, so I'm trying to address
> their concerns by using the uid= and gid= lines in rsyncd.conf to
> have the rsyncd run with 'uid=backuppc' and 'gid=backuppc' privs, set
> in the global section. Then I add backuppc to the appropriate group
> in /etc/group as below.
> In this way, rsync will have read permissions only for those users who
> have made their files g+rX and who have agreed to have the backuppc
> user added to their group in /etc/group.
> ie 'minas' is a user who has his /home/dir set as
> drwxr-x--- 39 minas minas 4096 2009-02-06 23:01 /home/minas
> I've tried to have address this by setting his /etc/group line as:
> expecting that since 'backuppc' is now a member of the 'minas' group,
> rsync running with 'backuppc' privs can read the files 'minas' user
> allows the 'minas' group to read. This change allows the 'backuppc'
> user to read those files from the shell.
> However, this does not work for the backup (rsyncd refuses to read the
> files with an entry in /var/log/rsyncd.log:
On Fri, 2009-02-13 at 09:21 -0800, Harry Mangalam wrote:
> 2009/02/13 09:06:28  rsync: link_stat "." (in minas) failed:
> Permission denied (13)
The problem is that the daemon takes on only the specified uid and gid,
not the supplementary groups of the uid. The attached patch (also in
wip/supplementary-groups of my repository) adds a daemon parameter to
take on the supplementary groups. Please test this and tell us whether
it works for you.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4952 bytes
Desc: not available
Url : http://lists.samba.org/archive/rsync/attachments/20090214/4be7def4/supplementary-groups.bin
More information about the rsync