Using rsync to mirror directories where root owns file, using non-root user to initiate session
Kevin Korb
kmk at sanitarium.net
Wed Jun 20 16:29:09 MDT 2012
http://www.sanitarium.net/rsyncfaq/#sudo
On 06/20/12 18:26, PEOPLES, MICHAEL P wrote:
> I have spent a day researching and attempting to debug this issue.
> I am hoping someone can tell me how (or disabuse me of the delusion
> that it's possible) to do the following:
>
> - Mirror the contents of a directory on one server to a remote
> server where there are diverse ownership and permissions
>
> - File and directory ownership on both the source and destination
> servers would normally prevent the user account initiating the
> rsync session from accessing, modifying, or changing attributes of
> the files and directories in question
>
> - Session authentication of the initiating user on the remote
> server must be by public key
>
> - No root logins are permitted on either server
>
> I can successfully transfer the files with the user account, but if
> the files have ownership attributes that need to be set on the
> remote (destination) server, using the --owner, --group, and/or
> --perms options produces errors indicating the "Operation is not
> permitted". When logged into the remote server as the user, I
> still cannot modify the attributes, only root (super user) can do
> this. The "--super" command line option appears to have no
> effect.
>
> Both servers are Red Hat Linux. I am using rsync 3.0.9.
>
> The only way I can conceive of doing this would be to record the
> file attributes, transfer the files (along with a record of their
> attributes), then run a script using sudo that would move the files
> into their final location and set the attributes. This, however,
> would seem to defeat much of the purpose of rsync.
>
> The manuals suggest there is a way to invoke super user
> functionality when contacting a daemon instance, but I could not
> get this to work. However, this appears to require contacting an
> rsync daemon started by root. Attempting to perform the rsync,
> while simultaneously using the public key, which can only be used
> when "ssh" is invoked, seems to exclude the use of the daemon on
> the remote side, effectively running the entire rsync session as
> the user without elevated privileges.
>
> In short, I want to copy files from one server to another, and have
> all ownership and permissions preserved (including root), using
> rsync to perform "privileged" operations to set file attributes
> properly and a public key to authenticate the user.
>
> Thanks.
>
>
> Michael Peoples (mp4783) Senior Systems Manager AT&T - ATTSI
> Office/Cell: 614-886-0923
> mpeoples at att.com
>
--
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
Kevin Korb Phone: (407) 252-6853
Systems Administrator Internet:
FutureQuest, Inc. Kevin at FutureQuest.net (work)
Orlando, Florida kmk at sanitarium.net (personal)
Web page: http://www.sanitarium.net/
PGP public key available on web site.
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
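Added example, not part of the reply above or of the linked FAQ text: one common way to meet the constraints in the question is to start rsync through sudo on each side while still logging in as the unprivileged account with its public key. The account name `mirror`, host `dest.example.com`, the key and known_hosts paths, `/srv/data/`, and the helper names `sudoers_entry` and `mirror` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: account "mirror",
# host dest.example.com, key and known_hosts paths, /srv/data/.

# Destination side: content for /etc/sudoers.d/rsync-mirror (check it with
# `visudo -cf <file>`). NOPASSWD rsync can write any file, so this account
# is root-equivalent on that host: protect its private key accordingly.
sudoers_entry() {
    user=$1
    printf 'Defaults:%s !requiretty\n' "$user"   # ssh runs rsync without a tty
    printf '%s ALL=(root) NOPASSWD: /usr/bin/rsync\n' "$user"
}

# Source side: local sudo lets rsync read root-owned files; the receiving
# rsync is started through sudo by --rsync-path, so -a (which implies
# --owner, --group and --perms) can actually set attributes. The login is
# still the non-root account with its public key; no root login happens on
# either server. Set DRY=1 to print the command instead of running it.
mirror() {
    key=$1 known_hosts=$2 remote=$3 src=$4 dst=$5
    ${DRY:+echo} sudo rsync -a --delete \
        -e "ssh -i $key -o BatchMode=yes -o IdentitiesOnly=yes -o UserKnownHostsFile=$known_hosts" \
        --rsync-path="sudo -n /usr/bin/rsync" \
        "$src" "$remote:$dst"
}

# Print the sudoers content and the rsync command when called with "preview".
if [ "${1:-}" = "preview" ]; then
    sudoers_entry mirror
    DRY=1 mirror /home/mirror/.ssh/id_mirror /home/mirror/.ssh/known_hosts \
        mirror@dest.example.com /srv/data/ /srv/data/
fi
```

The known_hosts file is passed explicitly because the local rsync, and therefore ssh, runs as root under sudo and would otherwise consult root's own file.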