PEOPLES, MICHAEL P
2012-Jun-20 22:26 UTC
Using rsync to mirror directories where root owns file, using non-root user to initiate session
I have spent a day researching and attempting to debug this issue. I am hoping someone can tell me how (or disabuse me of the delusion that it's possible) to do the following:

- Mirror the contents of a directory on one server to a remote server where there are diverse ownership and permissions
- File and directory ownership on both the source and destination servers would normally prevent the user account initiating the rsync session from accessing, modifying, or changing attributes of the files and directories in question
- Session authentication of the initiating user on the remote server must be by public key
- No root logins are permitted on either server

I can successfully transfer the files with the user account, but if the files have ownership attributes that need to be set on the remote (destination) server, using the --owner, --group, and/or --perms options produces errors indicating the "Operation is not permitted". When logged into the remote server as the user, I still cannot modify the attributes, only root (super user) can do this. The "--super" command line option appears to have no effect.

Both servers are Red Hat Linux. I am using rsync 3.0.9.

The only way I can conceive of doing this would be to record the file attributes, transfer the files (along with a record of their attributes), then run a script using sudo that would move the files into their final location and set the attributes. This, however, would seem to defeat much of the purpose of rsync.

The manuals suggest there is a way to invoke super user functionality when contacting a daemon instance, but I could not get this to work. However, this appears to require contacting an rsync daemon started by root. Attempting to perform the rsync, while simultaneously using the public key, which can only be used when "ssh" is invoked, seems to exclude the use of the daemon on the remote side, effectively running the entire rsync session as the user without elevated privileges.

In short, I want to copy files from one server to another, and have all ownership and permissions preserved (including root), using rsync to perform "privileged" operations to set file attributes properly and a public key to authenticate the user.

Thanks.

Michael Peoples (mp4783)
Senior Systems Manager
AT&T - ATTSI

Kevin Korb
2012-Jun-20 22:29 UTC
Using rsync to mirror directories where root owns file, using non-root user to initiate session
http://www.sanitarium.net/rsyncfaq/#sudo

--
Kevin Korb
Systems Administrator
FutureQuest, Inc.
Orlando, Florida

Matthias Schniedermeyer
2012-Jun-22 08:51 UTC
Using rsync to mirror directories where root owns file, using non-root user to initiate session
On 20.06.2012 22:26, PEOPLES, MICHAEL P wrote:
> I have spent a day researching and attempting to debug this issue. I am hoping someone can tell me how (or disabuse me of the delusion that it's possible) to do the following:
...

If running a command as root via sudo is acceptable.

I had the exact same problem 2 days ago. I had to back up a machine where I only got a user login, with sudo privilege.

So after some googling I tried (as root on the target machine, but you can also sudo that):

    rsync -avPxHz --delete --numeric-ids --rsync-path='sudo rsync' -e ssh user@remote:/ ./

and it worked. Of course, that only works if (remote) sudo doesn't ask for a password.

See you
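
Added example, not part of the thread: a passwordless "sudo rsync" reachable over a public key is root-equivalent read access, so the key can be tied to a forced-command wrapper that only lets through the pull-side server invocation the command above produces. The wrapper path, the user name, the allowed option list and the allowed path are assumptions; the short-flag string rsync sends varies by version and client options.

```shell
#!/bin/sh
# Added example: hypothetical wrapper /usr/local/bin/rsync-pull-only on the source host.
# authorized_keys entry for the backup key (key material elided):
#   command="/usr/local/bin/rsync-pull-only",no-pty,no-port-forwarding ssh-rsa ...
# sudoers entry (edit with visudo); the second line is needed where requiretty is set:
#   user ALL=(root) NOPASSWD: /usr/bin/rsync --server --sender *
#   Defaults:user !requiretty

ALLOWED_LONG="--numeric-ids"   # assumption: long options your client sends
ALLOWED_PATHS="/"              # assumption: source paths the job may read

# in_list WORD LIST: succeed if WORD is one of the space-separated items in LIST.
in_list() {
    for item in $2; do
        [ "$item" = "$1" ] && return 0
    done
    return 1
}

# Succeed only for:
#   sudo rsync --server --sender -<short flags> [allowed long options] . <allowed path>
is_allowed_pull() {
    # Character allowlist: ; | & $ ` quotes and similar are refused.
    [ -z "$(printf %s "$1" | tr -d 'A-Za-z0-9 ./_=-')" ] || return 1
    set -f; set -- $1; set +f            # split on whitespace without globbing
    [ "$#" -ge 7 ] || return 1
    [ "$1 $2 $3 $4" = "sudo rsync --server --sender" ] || return 1
    shift 4
    case $1 in -[!-]*) shift ;; *) return 1 ;; esac   # one short-flag cluster
    while [ "$#" -gt 2 ]; do             # everything before ". PATH" must be allowed
        in_list "$1" "$ALLOWED_LONG" || return 1
        shift
    done
    [ "$1" = "." ] && in_list "$2" "$ALLOWED_PATHS"
}

# sshd puts the command the client requested in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_pull "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND       # splitting is safe: shape checked above
    fi
    logger -t rsync-pull-only "refused: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

Running the client once with -vv prints the remote command it opens ("opening connection using: ..."), which is the string to compare against the allowed options and paths.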