uid/gid settings in rsyncd.conf not respected?

[Matt McCutchen]

On Thu, 2009-02-12 at 21:23 -0800, Harry Mangalam wrote:
> I've created a special user to backup a server which has some users 
> who don't want all their files backed up, so I'm trying to address 
> their concerns by using the uid= and gid= lines in rsyncd.conf to 
> have the rsyncd run with 'uid=backuppc' and 'gid=backuppc' privs, set 
> in the global section.  Then I add backuppc to the appropriate group 
> in /etc/group as below.
> 
> In this way, rsync will have read permissions only for those users who 
> have made their files g+rX and who have agreed to have the backuppc 
> user added to their group in /etc/group.
> 
> ie 'minas' is a user who has his /home/dir set as 
> drwxr-x--- 39 minas minas 4096 2009-02-06 23:01 /home/minas
> 
> I've tried to have address this by setting his /etc/group line as:
> 
> minas:x:1000:backuppc
> 
> expecting that since 'backuppc' is now a member of the 'minas' group, 
> rsync running with 'backuppc' privs can read the files 'minas' user 
> allows the 'minas' group to read.  This change allows the 'backuppc' 
> user to read those files from the shell.
> 
> However, this does not work for the backup (rsyncd refuses to read the 
> files with an entry in /var/log/rsyncd.log:

On Fri, 2009-02-13 at 09:21 -0800, Harry Mangalam wrote:
> 2009/02/13 09:06:28 [9818] rsync: link_stat "." (in minas) failed: 
> Permission denied (13)

The problem is that the daemon takes on only the specified uid and gid,
not the supplementary groups of the uid.  The attached patch (also in
wip/supplementary-groups of my repository) adds a daemon parameter to
take on the supplementary groups.  Please test this and tell us whether
it works for you.

-- 
Matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: supplementary-groups.patch
Type: text/x-patch
Size: 4952 bytes
Desc: not available
Url : http://lists.samba.org/archive/rsync/attachments/20090214/4be7def4/supplementary-groups.bin