uid/gid settings in rsyncd.conf not respected?
Harry Mangalam
harry.mangalam at uci.edu
Thu Mar 5 17:37:19 GMT 2009
It looks like Wayne's changes do what I wanted.
If I understand Wayne's changes in the dev version correctly, my
rsyncd.conf would look like:
rsyncd.conf
============
#GLOBAL OPTIONS
...
uid = root
gid = root
...
[STDMODULE]
...
# uid = commented out
# gid = commented out
...
[MYMODULE]
...
uid = backuppc
# next line allows rsync to have the perms of any group backuppc
# belongs to
gid = *
...
[YOURMODULE]
...
uid = you
gid = * # ditto
...
to allow rsync to use the permissions of 'root' to read [STDMODULE]
(GLOBAL not overridden), 'backuppc' permissions to read [MYMODULE],
and 'you' permissions to read [YOURMODULE].
I tried this (with rsync-HEAD-20090305-0445GMT) and it WORKED (at
least for my requirements).
The daemon that is running when idle is owned by root, but when the backup
ran, it spawned another rsync daemon that ran as 'backuppc':
root 18748 0.0 0.0 2404 528 ? Ss 09:01
0:00 /usr/bin/rsync --daemon --config /etc/rsyncd.conf
backuppc 19297 6.2 0.0 4056 2392 ? D 09:07
0:00 /usr/bin/rsync --daemon --config /etc/rsyncd.conf
(lines folded but during the run there are 2 rsyncd's running, one as
root, one as backuppc)
I have a file called sortaprivate which has perms:
-rw-r----- 1 hjm hjm 146 2009-03-04 15:08 sortaprivate
My /etc/group has an entry:
hjm:x:1000:backuppc
so if rsync was running as backuppc, it should have been able to read
that file, and finally, it does.
Thanks to Wayne and Matt for their patience and code.
Harry
On Friday 20 February 2009, Wayne Davison wrote:
> On Sat, Feb 14, 2009 at 08:53:22PM -0500, Matt McCutchen wrote:
> > The attached patch (also in wip/supplementary-groups of my
> > repository) adds a daemon parameter to take on the supplementary
> > groups.
>
> I went a little different route than this path by allowing the user
> to specify one or more groups via the gid setting. It will also
> expand the string "*" (if specified as the first item) into the
> normal grouplist for the requested user. I then changed a
> non-super-user daemon-run to default the uid/gid parameters to
> NULL, which allows rsync to know if the user requested a value, and
> it will now complain if a specified setting fails. A super-user
> run still defaults to nobody if unspecified.
>
> ..wayne..
--
Harry Mangalam - Research Computing, NACS, E2148, Engineering Gateway,
UC Irvine 92697 949 824-0084(o), 949 285-4487(c)
---
Good judgment comes from experience;
Experience comes from bad judgment. [F. Brooks.]
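
Added example (not part of the original post and not rsync code): a Python check that the credentials of a daemon child, as Linux reports them in /proc/<pid>/status, pass the owner/group/other read test for a file like sortaprivate. The status text is constructed, and the numeric ids for backuppc (34) and the owner uid of hjm (1000) are assumptions; only group hjm = 1000 comes from the post.

```python
import stat

# Constructed /proc/<pid>/status excerpt for the per-connection rsync child.
# Assumed ids: backuppc uid/gid 34. Group hjm = 1000 is from the post's /etc/group.
SAMPLE_STATUS = (
    "Name:\trsync\n"
    "Pid:\t19297\n"
    "Uid:\t34\t34\t34\t34\n"
    "Gid:\t34\t34\t34\t34\n"
    "Groups:\t34 1000\n"
)

def parse_creds(status_text):
    """Return (effective uid, effective gid, set of supplementary gids)."""
    fields = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        fields[key] = value.split()
    euid = int(fields["Uid"][1])  # columns: real, effective, saved, filesystem
    egid = int(fields["Gid"][1])
    groups = {int(g) for g in fields.get("Groups", [])}
    return euid, egid, groups

def can_read(mode, owner_uid, owner_gid, creds):
    """Classic Unix read check; ignores ACLs and treats uid 0 as always allowed."""
    euid, egid, groups = creds
    if euid == 0:
        return True
    if euid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid == egid or owner_gid in groups:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

if __name__ == "__main__":
    creds = parse_creds(SAMPLE_STATUS)
    # sortaprivate: -rw-r----- hjm hjm (owner uid 1000 is an assumption)
    print("with supplementary groups:", can_read(0o640, 1000, 1000, creds))
    # Hypothetical contrast: same child with only its primary group set
    print("primary group only       :", can_read(0o640, 1000, 1000, (34, 34, {34})))
```

On a live Linux host, feed parse_creds() the contents of /proc/<pid>/status for the backuppc-owned rsync process instead of the sample text.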