uid/gid settings in rsyncd.conf not respected?

Harry Mangalam harry.mangalam at uci.edu
Thu Mar 5 17:37:19 GMT 2009


It looks like Waynes changes do what I wanted.

If I understand Wayne's changes in the dev version correctly, my 
rsyncd.conf would look like:

rsyncd.conf
============
#GLOBAL OPTIONS
 ...
uid = root
gid = root
 ...
[STDMODULE]
   ...
#   uid = commented out
#   gid = commented out
   ...

[MYMODULE]
   ...
   uid = backuppc
   # next line allows rsync to have the perms of any group backuppc 
   # belongs to
   gid = * 
   ...

[YOURMODULE]
   ...
   uid = you
   gid = * # ditto
   ...


to allow rsync to use the permissions of 'root' to read [STDMODULE] 
(GLOBAL not overridden), 'backuppc' permissions to read [MYMODULE], 
and 'you' permissions to read [YOURMODULE].

I tried this (with rsync-HEAD-20090305-0445GMT) and it WORKED (at 
least for my requirements).

The daemon is running when idle is owned by root, but when the backup 
ran, it spawned another rsync daemon that ran as 'backuppc':

root     18748  0.0  0.0   2404   528 ?        Ss   09:01   
0:00 /usr/bin/rsync --daemon --config /etc/rsyncd.conf

backuppc 19297  6.2  0.0   4056  2392 ?        D    09:07   
0:00 /usr/bin/rsync --daemon --config /etc/rsyncd.conf

(lines folded but during the run there are 2 rsyncd's running, one as 
root, one as backuppc)

I have a file called sortaprivate which has perms:

-rw-r-----  1 hjm  hjm         146 2009-03-04 15:08 sortaprivate

My /etc/group has an entry:
hjm:x:1000:backuppc

so if rsync was running as backuppc, it should have been able to read 
that file, and finally, it does.

Thanks to Wayne and Matt for their patience and code.

Harry



On Friday 20 February 2009, Wayne Davison wrote:
> On Sat, Feb 14, 2009 at 08:53:22PM -0500, Matt McCutchen wrote:
> > The attached patch (also in wip/supplementary-groups of my
> > repository) adds a daemon parameter to take on the supplementary
> > groups.
>
> I went a little different route than this path by allowing the user
> to specify one or more groups via the gid setting.  It will also
> expand the string "*" (if specified as the first item) into the
> normal grouplist for the requested user.  I then changed a
> non-super-user daemon-run to default the uid/gid parameters to
> NULL, which allows rsync to know if the user requested a value, and
> it will now complain if a specified setting fails.  A super-user
> run still defaults to nobody if unspecified.
>
> ..wayne..



-- 
Harry Mangalam - Research Computing, NACS, E2148, Engineering Gateway, 
UC Irvine 92697  949 824-0084(o), 949 285-4487(c)
---
Good judgment comes from experience; 
Experience comes from bad judgment. [F. Brooks.]


More information about the rsync mailing list