Michael Carmody
2006-Oct-06 05:42 UTC
Backing up individual user home dirs using user privs.
Hey All,

After RTM, web page and searching the archives, I felt it worth a shot at mailing the list with my query.

I am looking at using rsync and various third party GUIs (rsyncX, nasbackup) to backup our departmental desktops to our nice new multi-terabyte fileserver.

When we run rsync in daemon mode, it of course runs as nobody:nogroup and I am aware of being able to set that to any other given user. But we want to backup the users' desktops to their home directory on the server, /home/user1, /home/user2 which are of course owned by user1 and user2. When we rsync to this the rsync daemon running as nobody cannot write to the home directories.

So I have two problems: how do I get rsync to take on the permissions of the user uploading their backup? And how do I configure rsyncd.conf to create "home" modules per user?

ATM we have a [homes] which points to /home, but we are only relying on file permissions to restrict users to their directory (or would if permissions were being set to the right user at login). Can we do a samba style homes config?

-Michael Carmody
Dept of Microbiology and Immunology
The University of Melbourne
Michael,

I do something similar with my rsync server as follows.

- Run rsync in daemon mode on the server as root. Globals look like this...

    #### Globals
    motd file = /etc/rsyncd/motd
    log file = /var/log/rsync.log
    transfer logging = yes
    address = 127.0.0.1
    pid file = /var/run/rsyncd.pid

    # defaults - override in modules as needed
    max connections = 4
    secrets file = /etc/rsyncd/rsyncd.secrets
    strict modes = true
    read only = false
    timeout = 900

- Create a module for each user in the rsyncd.conf file similar to this...

    [test]
    # replicating files from user test
    comment = test client setup
    path = /home/test
    use chroot = true
    max connections = 2
    lock file = /var/lock/rsyncd/test.lock
    list = false
    uid = 503
    gid = 503
    auth users = test
    incoming chmod = Dg=s,Dug=rwx,Do-rwx,Fug=rw,Fo-rwx

In this case, username is test with uid=503 and gid=503. Each user connects to the rsync server as themselves and has access only to their own personal subtree. With chroot=true, you can create a ~/etc with localtime to fix the logging - search list for details.

You can point the uploads to go to a subdir such as ~/desktop to prevent collisions and to use history if you want. I use subtrees ~/current and ~/history to maintain versions, but they add up fast. You might want to use excludes to block various large files.

If the only thing your rsyncd is doing is this kind of backup, you can pull some of the module statements into the global section to slim down each module. Unfortunately, you still end up with a module per user, which can create a large rsyncd.conf. The modules can be created and appended by script if needed.

Also, you will need to set up an rsync password for each user and if you are replicating over a public network, I would recommend that you use ssh keys for connecting, instead of ssh password. I run sshd on the server and port forward to the rsync port. rsyncd is set to only listen to the loopback interface. Each user also has a ~/.ssh dir with an authorized_keys file.
On the client side, I have a script that invokes plink (from putty) to open a connection and port forward to the rsync port using the user's ssh key. Then I open a direct rsync connection to the daemon via the open tunnel. Takes a little process coordination, but it works for me. The script is invoked by the windows scheduler.

You mentioned samba in your message. Have you looked at samba with roaming profiles?

Also, see list re: incoming chmod - I came across a problem that required patches and the latest stable rsync, not the last release. The patches are already folded into the latest stable available for download, I'm pretty sure.

Good Luck

Bill Uhl
GreenLight Networks, LLC
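
Added example (not part of the original thread and not Bill's own script): one way to generate the per-user modules described in the reply from passwd-format data, refusing any account that would yield a module running as a system uid, pointing outside the user's own home, or carrying characters that could inject extra config lines. The function names, the uid range and the sample accounts are assumptions made for illustration.

```python
import re

# Constructed sample in /etc/passwd format (not real accounts).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
test:x:503:503:Test User:/home/test:/bin/bash
user1:x:1001:1001::/home/user1:/bin/bash
odd:x:1002:1002::/srv/elsewhere:/bin/bash
bad]name:x:1003:1003::/home/bad:/bin/bash
"""

SAFE_NAME = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

# Same settings as the [test] module shown in the reply above.
STANZA = """\
[{name}]
    comment = {name} client setup
    path = {home}
    use chroot = true
    max connections = 2
    lock file = /var/lock/rsyncd/{name}.lock
    list = false
    uid = {uid}
    gid = {gid}
    auth users = {name}
    incoming chmod = Dg=s,Dug=rwx,Do-rwx,Fug=rw,Fo-rwx
"""

def eligible_users(passwd_text, home_root="/home", min_uid=500, max_uid=60000):
    """Yield (name, uid, gid, home) for accounts that may get a module."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, _, uid, gid, _, home, _ = fields
        if not SAFE_NAME.fullmatch(name) or not (uid.isdecimal() and gid.isdecimal()):
            continue  # a stray "]" or odd character could inject config lines
        if not min_uid <= int(uid) <= max_uid:
            continue  # never emit a module that runs as root or a system uid
        if home != f"{home_root}/{name}":
            continue  # module path must be exactly the user's own subtree
        yield name, int(uid), int(gid), home

def render_modules(passwd_text, **limits):
    """Return rsyncd.conf text with one module per eligible user."""
    return "\n".join(STANZA.format(name=n, uid=u, gid=g, home=h)
                     for n, u, g, h in eligible_users(passwd_text, **limits))

if __name__ == "__main__":
    print(render_modules(SAMPLE_PASSWD))
```

The output is meant to be reviewed and appended below the global section; each generated module still needs a matching entry in the secrets file before the user can authenticate.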