uid/gid settings in rsyncd.conf not respected?

Harry Mangalam harry.mangalam at uci.edu
Thu Mar 5 01:01:29 GMT 2009


Hi Matt,

In your patch that you graciously provided me to provide supplementary 
groups capability, you didn't say how it was supposed to be 
specified.  I thought it was working the first time I used it, but I 
was mistaken.  I forgot to add the supplementary groups option but 
it's unclear how it's supposed to work.
It's an rsyncd.conf parameter but what is the format?

Here's how I tried it:

rsyncd.conf
============
#GLOBAL OPTIONS
 ...
uid = root
gid = root
supplementary groups = TRUE # like this?
 ...
[MODULE]
   ...
   uid = someuser
   gid = somegroup
   ...

to allow rsync to use the permissions of 'someuser' to read MODULE?

I'm missing something as the above doesn't work.

harry

The header in your patch said this:

[PATCH] Add "supplementary groups" daemon parameter to take on the 
supplementary  groups of the specified "uid" as well as the 
specified "gid".




On Saturday 14 February 2009, Matt McCutchen wrote:
> On Thu, 2009-02-12 at 21:23 -0800, Harry Mangalam wrote:
> > I've created a special user to backup a server which has some
> > users who don't want all their files backed up, so I'm trying to
> > address their concerns by using the uid= and gid= lines in
> > rsyncd.conf to have the rsyncd run with 'uid=backuppc' and
> > 'gid=backuppc' privs, set in the global section.  Then I add
> > backuppc to the appropriate group in /etc/group as below.
> >
> > In this way, rsync will have read permissions only for those
> > users who have made their files g+rX and who have agreed to have
> > the backuppc user added to their group in /etc/group.
> >
> > ie 'minas' is a user who has his /home/dir set as
> > drwxr-x--- 39 minas minas 4096 2009-02-06 23:01 /home/minas
> >
> > I've tried to address this by setting his /etc/group line
> > as:
> >
> > minas:x:1000:backuppc
> >
> > expecting that since 'backuppc' is now a member of the 'minas'
> > group, rsync running with 'backuppc' privs can read the files
> > 'minas' user allows the 'minas' group to read.  This change
> > allows the 'backuppc' user to read those files from the shell.
> >
> > However, this does not work for the backup (rsyncd refuses to
> > read the files with an entry in /var/log/rsyncd.log:
>
> On Fri, 2009-02-13 at 09:21 -0800, Harry Mangalam wrote:
> > 2009/02/13 09:06:28 [9818] rsync: link_stat "." (in minas)
> > failed: Permission denied (13)
>
> The problem is that the daemon takes on only the specified uid and
> gid, not the supplementary groups of the uid.  The attached patch
> (also in wip/supplementary-groups of my repository) adds a daemon
> parameter to take on the supplementary groups.  Please test this
> and tell us whether it works for you.



-- 
Harry Mangalam - Research Computing, NACS, E2148, Engineering Gateway, 
UC Irvine 92697  949 824-0084(o), 949 285-4487(c)
---
Good judgment comes from experience; 
Experience comes from bad judgment. [F. Brooks.]
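
The failure discussed in this message, as an added example (not code from the post, the patch, or rsync): it derives the supplementary groups of 'backuppc' from a group database and applies the owner/group/other check to /home/minas with and without them. The backuppc group line, gid 1001, uid 1000 for minas, and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
/* Constructed group database; only the minas line is from the post. */
static const char GROUP_DB[] =
    "minas:x:1000:backuppc\n"
    "backuppc:x:1001:\n";          /* gid 1001 is an assumption */

/* Gids of groups (name:passwd:gid:members) that list `user` as a member:
 * the set initgroups(3) would load for that user. */
int supp_groups(const char *db, const char *user, gid_t *out, int max)
{
    int n = 0;
    size_t ulen = strlen(user);
    for (const char *line = db; *line; ) {
        const char *eol = strchr(line, '\n');
        if (!eol) eol = line + strlen(line);
        const char *c1 = memchr(line, ':', (size_t)(eol - line));
        const char *c2 = c1 ? memchr(c1 + 1, ':', (size_t)(eol - c1 - 1)) : NULL;
        const char *c3 = c2 ? memchr(c2 + 1, ':', (size_t)(eol - c2 - 1)) : NULL;
        for (const char *m = c3 ? c3 + 1 : eol; m < eol; ) {
            const char *end = memchr(m, ',', (size_t)(eol - m));
            if (!end) end = eol;
            if ((size_t)(end - m) == ulen && !memcmp(m, user, ulen) && n < max)
                out[n++] = (gid_t)strtoul(c2 + 1, NULL, 10);
            m = end + 1;
        }
        line = *eol ? eol + 1 : eol;
    }
    return n;
}

/* Owner/group/other r-x check on a directory (no ACLs, caller is not root). */
int can_enter(mode_t mode, uid_t fuid, gid_t fgid,
              uid_t uid, gid_t gid, const gid_t *supp, int nsupp)
{
    if (uid == fuid) return ((mode >> 6) & 5) == 5;
    int in_group = (gid == fgid);
    for (int i = 0; i < nsupp; i++) in_group |= (supp[i] == fgid);
    return ((in_group ? mode >> 3 : mode) & 5) == 5;
}

int main(void)
{
    gid_t supp[16];   /* /home/minas: drwxr-x--- minas:minas, uid 1000 assumed */
    int n = supp_groups(GROUP_DB, "backuppc", supp, 16);
    printf("uid+gid only: %d\n", can_enter(0750, 1000, 1000, 1001, 1001, NULL, 0));
    printf("with supplementary groups: %d\n", can_enter(0750, 1000, 1000, 1001, 1001, supp, n));
    return 0;
}
```

A login shell for 'backuppc' carries the second credential set, which is why the same files are readable from the shell but not through the daemon.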

