samba-bugs at samba.org
2014-Dec-17 02:41 UTC
[Bug 11013] New: [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage
https://bugzilla.samba.org/show_bug.cgi?id=11013 Bug ID: 11013 Summary: [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage Product: rsync Version: 3.1.1 Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: core Assignee: wayned at samba.org Reporter: m at mmap.at QA Contact: rsync-qa at samba.org Created attachment 10544 --> https://bugzilla.samba.org/attachment.cgi?id=10544&action=edit Proposed patch for rsyncd.conf.yo The manpage of rsyncd.conf says when "use chroot" is enabled this is "as though --numeric-ids had been specified". When rsyncing a file from host A to host B using: rsync -av sometestfile rsync://some_test_user at hostB/backup/ the uid and the gid of the source file on host A are not set accordingly on host B. Even not if --numeric-ids is specified explicitly, on both server and client side. Relevant part of the server config: use chroot = yes [backup] list = yes path = /zdata/backup/ comment = Some comment read only = no auth users = some_test_user secrets file = /usr/local/etc/rsync/rsyncd.secrets numeric ids = yes I fixed that by adding "uid = root" to rsyncd.conf. The manpage does not mention that behavior at all. -- You are receiving this mail because: You are the QA Contact for the bug.
Kevin Korb
2014-Dec-17 02:45 UTC
[Bug 11013] New: [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Only root can chown. If rsync isn't running as root then it ignores the --owner part of --archive. This also makes --numeric-ids inert. Simply put, if you aren't running as root then you can only create files owned by your UID. Rsync knows this. Rsync assumes that if you aren't root you didn't intend the --owner (or --group) part of - --archive and it ignores those features. On 12/16/2014 09:41 PM, samba-bugs at samba.org wrote:> https://bugzilla.samba.org/show_bug.cgi?id=11013 > > Bug ID: 11013 Summary: [patch] Mention that privileges are dropped, > when "use chroot" is enabled in rsyncd.conf manpage Product: rsync > Version: 3.1.1 Hardware: All OS: All Status: NEW Severity: trivial > Priority: P5 Component: core Assignee: wayned at samba.org Reporter: > m at mmap.at QA Contact: rsync-qa at samba.org > > Created attachment 10544 --> > https://bugzilla.samba.org/attachment.cgi?id=10544&action=edit > Proposed patch for rsyncd.conf.yo > > The manpage of rsyncd.conf says when "use chroot" is enabled this > is "as though --numeric-ids had been specified". > > When rsyncing a file from host A to host B using: rsync -av > sometestfile rsync://some_test_user at hostB/backup/ > > the uid and the gid of the source file on host A are not set > accordingly on host B. Even not if --numeric-ids is specified > explicitly, on both server and client side. > > Relevant part of the server config: > > use chroot = yes > > [backup] list = yes path = /zdata/backup/ comment = Some comment > read only = no auth users = some_test_user secrets file > /usr/local/etc/rsync/rsyncd.secrets numeric ids = yes > > I fixed that by adding "uid = root" to rsyncd.conf. > > The manpage does not mention that behavior at all. >- -- ~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~ Kevin Korb Phone: (407) 252-6853 Systems Administrator Internet: FutureQuest, Inc. Kevin at FutureQuest.net (work) Orlando, Florida kmk at sanitarium.net (personal) Web page: http://www.sanitarium.net/ PGP public key available on web site. ~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlSQ7jsACgkQVKC1jlbQAQdldACfROGAvzkt8+nKufR5SGpjhywj wMwAn0c20owgq3dsMs9qYe3J0qpQWRok =1D2O -----END PGP SIGNATURE-----
Karl O. Pinc
2014-Dec-17 15:12 UTC
[Bug 11013] New: [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage
On 12/16/2014 08:45:15 PM, Kevin Korb wrote:> Only root can chown. If rsync isn't running as root then it ignores > the --owner part of --archive. This also makes --numeric-ids inert. > > Simply put, if you aren't running as root then you can only create > files owned by your UID. Rsync knows this. Rsync assumes that if > you > aren't root you didn't intend the --owner (or --group) part of > --archive and it ignores those features.Rsync has enough options that it seems it can be smarter than it's users. It could be worth adding a --stupid option to tell rsync to be stupid and complain instead of doing smart things. This would help people diagnose just what rsync is doing. I'm sure this is a lot more work than it sounds. There might be better ways of reporting what's happening than by complaining. A displayed table of which options are on/off or have what value comes to mind. (Too bad that --stupid would not be the right option name for this. :-) Just a thought. Karl <kop at meme.com> Free Software: "You don't pay back, you pay forward." -- Robert A. Heinlein
samba-bugs at samba.org
2015-Dec-21 19:58 UTC
[Bug 11013] [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage
https://bugzilla.samba.org/show_bug.cgi?id=11013 Wayne Davison <wayned at samba.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Wayne Davison <wayned at samba.org> --- I've improved the "use chroot" & "numeric ids" sections to make this a little clearer. -- You are receiving this mail because: You are the QA Contact for the bug.
Apparently Analagous Threads
- [Bug 11013] New: [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage
- [Bug 988] New: manpage: mention that REJECT should be used with care
- Fwd: Re: rsyncd.conf chroot yes problem with symlink-ing
- rsyncd.conf chroot yes problem with symlink-ing
- clean up your cre dit report 4859UYZo9-12-11