[OpenIndiana-discuss] rsyncd configuration

Sebastian Gabler sequoiamobil at gmx.net
Fri Mar 27 13:55:25 UTC 2015


Hi Bob,

thanks. That was it. Meanwhile I even found it from the horse's mouth:

"The default when run by a super-user is to switch to the system's 
"nobody" user."  See: https://www.samba.org/ftp/rsync/rsyncd.conf.html

In a nutshell, rsync is doing work as nobody specifically run as root. 
That's why the "o" - flags matter. I think one should add the "read only 
= yes" option, too. Just in case when somebody gets access to the backup 
server, he can't do rogue restore everywhere.

BR,

Sebastian

Am 27.03.2015 um 13:00 schrieb openindiana-discuss-request at openindiana.org:
> Message: 2
> Date: Thu, 26 Mar 2015 08:34:01 -0500 (CDT)
> From: Bob Friesenhahn<bfriesen at simple.dallas.tx.us>
> To: Discussion list for OpenIndiana
> 	<openindiana-discuss at openindiana.org>
> Subject: Re: [OpenIndiana-discuss] rsyncd configuration
> Message-ID:
> 	<alpine.GSO.2.01.1503260825260.4186 at freddy.simplesystems.org>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
> On Thu, 26 Mar 2015, Sebastian Gabler wrote:
>
>> >Hi,
>> >
>> >I am trying to solve a problem that i have ignored for quite a long time. The
>> >issue is that "messages" are flooded with rsync permission errors, and that
>> >some files are not backed up properly. What I have found so far is the
>> >following:
>> >- rsyncd is running as "root"
> Check your rsyncd.conf file.  For example, one of my rsyncd.conf files
> starts with:
>
> uid = nobody
> gid = nobody
>
>
> so that rsync changes its effective uid to 'nobody' before doing
> anything.  This is pretty common since rsyncd is often used in
> evironments with untrusted users.
>
> On another rsyncd.conf file which is used to successfully transfer ssh
> private key files, I am using
>
> uid = root
> gid = root
>
> Bob
> -- Bob Friesenhahn bfriesen at simple.dallas.tx.us, 
> http://www.simplesystems.org/users/bfriesen/ GraphicsMagick 
> Maintainer, http://www.GraphicsMagick.org/




More information about the openindiana-discuss mailing list