Hey folks,

When I run rsyncd from xinetd and try to rsync I will get permission denied error:

    rsync: chdir /home/test failed : Permission denied (13)

If I shutdown xinetd and start standalone daemon ( rsync --daemon --config /etc/rsyncd.conf) everything works as expected.

This is my xinetd config for rsync:

    service rsync
    {
        disable = no
        socket_type = stream
        wait = no
        user = root
        server = /usr/bin/rsync
        server_args = --daemon
        log_on_failure += USERID
    }

This is my rsyncd.conf

    strict modes = false
    use chroot = false
    max verbosity = 3

    [cvs1]
    path = /home/test
    auth users = user1
    secrets file = /etc/rsync-passwords.txt
    read only = yes
    list = yes
    uid = root
    gid = root

/etc/rsync-passwords.txt

    user1:test

permissions for the directory:

    [root@centos1 ~]# ll /home/test -d
    drwxrwxrwx 2 root root 4096 Nov 25 00:15 /home/test

Thanks

On Sun, 2007-11-25 at 17:37 -0500, freightcar@gmail.com wrote:
> When I run rsyncd from xinetd and try to rsync I will get permission
> denied error:
>
> rsync: chdir /home/test failed : Permission denied (13)

That's very bizarre, since the daemon is ostensibly running as root and the permissions on /home/test clearly should allow the chdir. Make sure that xinetd is running as root so that it can launch the rsync daemon as root. Set a shell script like the following as the "server" in the xinetd configuration to verify that the daemon is running as root and to strace it to get more information about the failed chdir:

    #!/bin/bash
    echo $UID $EUID >/tmp/rsync.ids
    exec strace -f -o /tmp/rsync.strace /usr/bin/rsync --daemon

Matt

On Nov 26, 2007 11:38 PM, Matt McCutchen <matt@mattmccutchen.net> wrote:
> On Sun, 2007-11-25 at 17:37 -0500, freightcar@gmail.com wrote:
> root. Set a shell script like the following as the "server" in the
> xinetd configuration to verify that the daemon is running as root and to
> strace it to get more information about the failed chdir:
>
> #!/bin/bash
> echo $UID $EUID >/tmp/rsync.ids
> exec strace -f -o /tmp/rsync.strace /usr/bin/rsync --daemon
>

I have set the script as server, here is the section of strace output for both scenarios:

xinetd:

    11891 open("/etc/group", O_RDONLY) = 4
    11891 fcntl64(4, F_GETFD) = 0
    11891 fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
    11891 fstat64(4, {st_mode=S_IFREG|0644, st_size=702, ...}) = 0
    11891 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d04000
    11891 read(4, "root:x:0:root,rsync,henro\nbin:x:"..., 4096) = 702
    11891 close(4) = 0
    11891 munmap(0xb7d04000, 4096) = 0
    11891 chdir("/home/test") = -1 EACCES (Permission denied)
    11891 time(NULL) = 1196105171

standalone daemon:

    11942 open("/etc/group", O_RDONLY) = 4
    11942 fcntl64(4, F_GETFD) = 0
    11942 fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
    11942 fstat64(4, {st_mode=S_IFREG|0644, st_size=702, ...}) = 0
    11942 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f8c000
    11942 read(4, "root:x:0:root,rsync,henro\nbin:x:"..., 4096) = 702
    11942 close(4) = 0
    11942 munmap(0xb7f8c000, 4096) = 0
    11942 chdir("/home/test") = 0
    11942 setgid32(0) = 0
    11942 setgroups32(1, [0]) = 0
    11942 setuid32(0) = 0
    11942 geteuid32() = 0
    11942 select(7, NULL, [6], NULL, {60, 0}) = 1 (out [6], left {60, 0})
    11942 write(6, "@RSYNCD: OK\n", 12) = 12
"henro001@gmail.com" <henro001@gmail.com> wrote:>> Hmm. Bizarre things happening when root and different behaviour when run >> as a daemon versus from the command line. Those are the sort of symptoms >> one gets from SELinux denials. Is SELinux enabled on this system? > > >I am not aware of SE linux running on this system unless centos is >enabling this by default. How do I check? (I know I should not ask...) > >[root@centos1 ~]# uname -a >Linux centos1.tekran.com 2.6.18-8.el5 #1 SMP Thu Mar 15 19:57:35 EDT >2007 i686 i686 i386 GNU/LinuxIt depends how CentOS was installed, but SELinux probably is enabled. The command sestatus will tell you. You can control SELinux using the setenforce command or by editing /etc/selinux/config. Disabling it completely may require a reboot. Ron

On Tue, 2007-11-27 at 17:54 -0500, henro001@gmail.com wrote:
> I am not aware of SE linux running on this system unless centos is
> enabling this by default. How do I check? (I know I should not ask...)

I know I should not answer, but run "selinuxenabled; echo $?". Zero means enabled, one means disabled.

Matt

SELinux is enabled. I changed enforcing to permissive mode and it works now. I think I should check to see if it is necessary to run it on my system and no matter what I learn - just disable it.

Thank you guys for your help.
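
Added example, not part of any post in this thread: a triage helper for the two files the wrapper script above writes (/tmp/rsync.ids and /tmp/rsync.strace). It flags calls that fail with EACCES while the process runs as root, which is the pattern that led to SELinux here. The function names and the embedded sample (lines copied from the strace excerpt above) are constructed for illustration.

```shell
#!/bin/bash
# Added example. Reads the two files produced by the wrapper script in the
# thread: an ids file ("UID EUID") and an strace log (strace -f -o).

# root_eacces IDS_FILE STRACE_FILE
# If the wrapper ran with effective UID 0, print "PID syscall(args)" for each
# traced call that failed with EACCES. Root bypasses ordinary file permission
# checks, so any hit points at another access-control layer such as SELinux.
# Assumption: the daemon has not changed UID before the failing call.
root_eacces() {
    ids_file=$1
    strace_file=$2
    read -r _uid euid < "$ids_file" || return 2
    if [ "$euid" != "0" ]; then
        return 0    # not root: mode bits or ownership may explain EACCES
    fi
    sed -n 's/ *= -1 EACCES.*//p' "$strace_file"
}

# selinux_mode: print the current SELinux mode, or "unavailable" when the
# getenforce tool is not installed on this host.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then
        getenforce 2>/dev/null || echo "unavailable"
    else
        echo "unavailable"
    fi
}

# Demo on constructed sample data (lines copied from the strace excerpt above).
demo() {
    tmp=$(mktemp -d) || return 1
    echo "0 0" > "$tmp/rsync.ids"
    cat > "$tmp/rsync.strace" <<'EOF'
11891 close(4) = 0
11891 munmap(0xb7d04000, 4096) = 0
11891 chdir("/home/test") = -1 EACCES (Permission denied)
11891 time(NULL) = 1196105171
EOF
    hits=$(root_eacces "$tmp/rsync.ids" "$tmp/rsync.strace")
    rm -rf "$tmp"
    if [ -n "$hits" ]; then
        echo "EACCES while running as root:"
        echo "$hits"
        echo "SELinux mode: $(selinux_mode)"
    fi
}

demo
```

When this reports a hit on an SELinux host, `ls -Zd /home/test` shows the security label on the directory the daemon could not enter.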