samba-bugs@samba.org
2008-Feb-21 22:01 UTC
DO NOT REPLY [Bug 5275] New: user id mapping stopped working with 3.0.0pre10
https://bugzilla.samba.org/show_bug.cgi?id=5275

Summary: user id mapping stopped working with 3.0.0pre10
Product: rsync
Version: 3.0.0
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P3
Component: core
AssignedTo: wayned@samba.org
ReportedBy: brian@aljex.com
QAContact: rsync-qa@samba.org

I'm running the daemon natively (no ssh/rsh) on several suse linux boxes of various versions and cpu types (and freebsd and sco open server) and all use a config file that runs rsyncd as root and all boxes talk to each other. rsync versions range from 2.6.6 to 3.0.0pre9 and up to 3.0.0pre9 everything has been fine.

3.0.0pre10, when acting as the server, fails to do user id mapping.

Any version client (2.6.9, 3.0.0pre1, 3.0.0pre9, 3.0.0pre10), sending to, or receiving from, a 3.0.0pre10 server, transferring files owned by a user that exists on both boxes but with different uids, the files do not get the user id translated on the receiver.

Any version client (including 3.0.0pre10), sending to, or receiving from, a 3.0.0pre9 or lower server, works.

That is, the error is dependent on the property of 3.0.0pre10 being in daemon mode. Doesn't matter what version the client is, and doesn't matter which side is the sender or the receiver of a file. All that matters is, if the server is 3.0.0pre10, then uid mapping doesn't happen.
samba-bugs@samba.org
2008-Feb-22 00:27 UTC
DO NOT REPLY [Bug 5275] user id mapping stopped working with 3.0.0pre10
https://bugzilla.samba.org/show_bug.cgi?id=5275

matt@mattmccutchen.net changed:

What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
Resolution |        |INVALID

------- Comment #1 from matt@mattmccutchen.net 2008-02-21 18:28 CST -------

This is the expected behavior, however unfortunate. Beginning with rsync 3.0.0pre10, the default is for a daemon never to map uids/gids by name in modules with "use chroot" enabled. This closes a vulnerability where a client might be able to compromise a daemon process by uploading shared libraries that the daemon process would load in an attempt to do uid/gid mapping. If your modules are read-only or you have taken other security measures, you can set "numeric ids = true" in the configuration to re-enable uid/gid mapping.

See section `3. Daemon advisory for "use chroot = yes"' of http://rsync.samba.org/security.html for more information.
samba-bugs@samba.org
2008-Feb-22 00:28 UTC
DO NOT REPLY [Bug 5275] user id mapping stopped working with 3.0.0pre10
https://bugzilla.samba.org/show_bug.cgi?id=5275

------- Comment #2 from matt@mattmccutchen.net 2008-02-21 18:28 CST -------

Whoops, I meant "numeric ids = false". That one is easy to get backwards.
samba-bugs@samba.org
2008-Feb-22 03:34 UTC
DO NOT REPLY [Bug 5275] user id mapping stopped working with 3.0.0pre10
https://bugzilla.samba.org/show_bug.cgi?id=5275

------- Comment #3 from brian@aljex.com 2008-02-21 21:35 CST -------

OK, but, here is rsyncd.conf, and the command line was just "--daemon"

=======================================================
uid = root
gid = sys
read only = false
#use chroot = true
transfer logging = true
log format = %h %o %f %l %b
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
#hosts allow = trusted.hosts
secrets file = /etc/rsyncd.secrets
[root]
path = /
auth users = root
===============================================

Is use chroot enabled by default so that commenting it out is not enough to disable it?

In any event, numeric ids = false works, so thanks.

That's a good catch, I'll have to think about that one...
samba-bugs@samba.org
2008-Feb-22 04:06 UTC
DO NOT REPLY [Bug 5275] user id mapping stopped working with 3.0.0pre10
https://bugzilla.samba.org/show_bug.cgi?id=5275

------- Comment #5 from matt@mattmccutchen.net 2008-02-21 22:07 CST -------

(In reply to comment #3)
> Is use chroot enabled by default so that commenting it out is not enough to
> disable it?

Yes.
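
Added example, not part of the bug thread or of rsync's own code: a small Python audit that flags rsyncd.conf modules that are writable, chrooted (the default, per comment #5) and set "numeric ids = false", the combination comment #1 says needs other security measures. The function names are hypothetical, the sample config is abridged from comment #3, and the "read only" default of yes is assumed from rsyncd.conf's documented defaults.

```python
# Added example; function names are hypothetical, not part of rsync.
TRUE = {"yes", "true", "1"}

# Constructed sample: abridged from the rsyncd.conf posted in comment #3.
SAMPLE = """\
uid = root
gid = sys
read only = false
#use chroot = true
[root]
path = /
auth users = root
"""

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}) with normalised lower-case keys."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out parameter leaves the default in force
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            target = global_params if current is None else current
            target[" ".join(key.lower().split())] = value.strip()
    return global_params, modules

def effective(params, global_params, key, default):
    """Module value overrides the global one; fall back to the default."""
    value = params.get(key, global_params.get(key))
    return default if value is None else value.lower() in TRUE

def audit(text):
    """Names of writable chroot modules that still map uids/gids by name."""
    global_params, modules = parse_rsyncd_conf(text)
    findings = []
    for name, params in modules.items():
        chroot = effective(params, global_params, "use chroot", True)
        read_only = effective(params, global_params, "read only", True)
        # From 3.0.0pre10, numeric ids defaults to on for chroot modules.
        numeric = effective(params, global_params, "numeric ids", chroot)
        if chroot and not numeric and not read_only:
            findings.append(name)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE), audit(SAMPLE + "numeric ids = false\n"))
```

The config as posted produces no finding because the new default keeps name mapping off; adding "numeric ids = false" to the [root] module is what gets it flagged.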