rsync - Nov 2003 - rsync : permission denied

I have 2 servers I'm keeping synch'ed via rsync
intel rh9 boxes with 2.4.20 kernel with xfs (1.3.0), acl, quota... and ootb
rsync 2.5.5 rpm

it works fine since a while

recently I created a directory with restricted access, and I get
"permission denied" error messages. this directory named RESTRICTED
belongs
to user "user1" group "group1" and has drwxrwx--- access, +
explicit acls
(see below)

on both sides (client and server) I'm running as root, as you'll see
below,
and it doesn't work thought root is supposed to have an implicit access

I tried to give an explicit root access through ACLs, but it doesn't work

on the other hand, if I give "other" rx rights, it works fine.

the problem is that it is NOT secure to give "other" a read/execute
access
to this directory, nor is it possible to change the user or group owners


[root@master dir]# getfacl RESTRICTED/
# file: RESTRICTED
# owner: user1
# group: group1
user::rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:group1:rwx
default:mask::rwx
default:other::---


[root@master dir]# ls -ald RESTRICTED/
drwxrwxr-x    5 user1   group1    16384 nov 20 18:00 RESTRICTED/


[root@master dir]# cat /etc/xinetd.d/rsync 
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
#       allows crc checksumming etc.
service rsync
{
        disable = no
        # *** disable   = yes
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        log_on_failure  += USERID
}



How does rsync check permissions ??? is it ACL compatible ?

thanks for advice

Please cc me (thierry.itty@besancon.org) I'm not subscribed

I've been following this list for several months, and
there has been discussion about ACL's, but I believe
that ACL's have NOT been included in rsync so far, and
especially not in version 2.5.5.

Based on the information you've given so far, I haven't
been able to reproduce your problem.  I am able to rsync
as the root user a directory that is owned by an
unprivileged user, and the directory I'm rsync'ing
has drwxrwx--- permissions - same as yours.

Please paste in the exact command you're using to do the
rsync.

-- 
Hardy Merrill
Red Hat, Inc.

Thierry ITTY [thierry.itty@besancon.org] wrote:
> I have 2 servers I'm keeping synch'ed via rsync
> intel rh9 boxes with 2.4.20 kernel with xfs (1.3.0), acl, quota... and ootb
> rsync 2.5.5 rpm
> 
> it works fine since a while
> 
> recently I created a directory with restricted access, and I get
> "permission denied" error messages. this directory named
RESTRICTED belongs
> to user "user1" group "group1" and has drwxrwx---
access, + explicit acls
> (see below)
> 
> on both sides (client and server) I'm running as root, as you'll
see below,
> and it doesn't work thought root is supposed to have an implicit access
> 
> I tried to give an explicit root access through ACLs, but it doesn't
work
> 
> on the other hand, if I give "other" rx rights, it works fine.
> 
> the problem is that it is NOT secure to give "other" a
read/execute access
> to this directory, nor is it possible to change the user or group owners
> 
> 
> [root@master dir]# getfacl RESTRICTED/
> # file: RESTRICTED
> # owner: user1
> # group: group1
> user::rwx
> group::rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::rwx
> default:group:group1:rwx
> default:mask::rwx
> default:other::---
> 
> 
> [root@master dir]# ls -ald RESTRICTED/
> drwxrwxr-x    5 user1   group1    16384 nov 20 18:00 RESTRICTED/
> 
> 
> [root@master dir]# cat /etc/xinetd.d/rsync 
> # default: off
> # description: The rsync server is a good addition to an ftp server, as it
\
> #       allows crc checksumming etc.
> service rsync
> {
>         disable = no
>         # *** disable   = yes
>         socket_type     = stream
>         wait            = no
>         user            = root
>         server          = /usr/bin/rsync
>         server_args     = --daemon
>         log_on_failure  += USERID
> }
> 
> 
> 
> How does rsync check permissions ??? is it ACL compatible ?
> 
> thanks for advice
> 
> Please cc me (thierry.itty@besancon.org) I'm not subscribed
> -- 
> To unsubscribe or change options:
http://lists.samba.org/mailman/listinfo/rsync
> Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html