Hi All,

I must not understand the uid/gid line in rsyncd.conf. If someone could briefly point out where I've gone wrong, I'd appreciate it.

I've created a special user to back up a server which has some users who don't want all their files backed up, so I'm trying to address their concerns by using the uid= and gid= lines in rsyncd.conf to have rsyncd run with 'uid=backuppc' and 'gid=backuppc' privs, set in the global section. Then I add backuppc to the appropriate group in /etc/group as below.

In this way, rsync will have read permissions only for those users who have made their files g+rX and who have agreed to have the backuppc user added to their group in /etc/group.

ie 'minas' is a user who has his /home dir set as

  drwxr-x--- 39 minas minas 4096 2009-02-06 23:01 /home/minas

I've tried to address this by setting his /etc/group line as:

  minas:x:1000:backuppc

expecting that since 'backuppc' is now a member of the 'minas' group, rsync running with 'backuppc' privs can read the files the 'minas' user allows the 'minas' group to read. This change allows the 'backuppc' user to read those files from the shell.

However, this does not work for the backup (rsyncd refuses to read the files, with an entry in /var/log/rsyncd.log):

  auth failed on module svn from nnn.nnn.nnn.nnn (xxx.xxx.xxx.xxx): unauthorized user.

It /does/ work if I have the uid/gid lines set to 'root' or to 'minas', but in that case ALL his files get backed up, which is not what he wants.
The relevant parts of the rsyncd.conf file:

  # GLOBAL OPTIONS
  log file = /var/log/rsyncd
  pid file = /var/run/rsyncd.pid
  auth users = [deleted]
  uid = backuppc
  gid = backuppc
  secrets file = /etc/rsyncd.secrets
  dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz *.exe
  max verbosity = 2

  # MODULE OPTIONS
  [home]
  comment = /home dir for []
  path = /home
  use chroot = no
  max connections = 1
  lock file = /var/lock/rsyncd
  read only = yes
  list = yes
  exclude from = /etc/rsyncd.exclude
  strict modes = yes
  hosts deny = *
  hosts allow = [deleted]
  ignore errors = no
  ignore nonreadable = yes
  transfer logging = yes
  timeout = 600
  refuse options = checksum dry-run
  dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz

-- 
Harry Mangalam - Research Computing, NACS, E2148, Engineering Gateway, UC Irvine 92697
949 824-0084(o), 949 285-4487(c)
---
Good judgment comes from experience; Experience comes from bad judgment. [F. Brooks.]
On Thu 12 Feb 2009, Harry Mangalam wrote:

> However, this does not work for the backup (rsyncd refuses to read the
> files with an entry in /var/log/rsyncd.log:
>
> auth failed on module svn from nnn.nnn.nnn.nnn (
> xxx.xxx.xxx.xxx): unauthorized user.

This message would indicate that the rsync connection to the daemon is refused; it doesn't get as far as the files themselves. I.e. the file permissions, uid / gid / etc. aren't in the picture at all. As you have an "auth users = " line, you're doing something wrong while connecting... please show the command lines you run.

Paul
On Thu, 2009-02-12 at 21:23 -0800, Harry Mangalam wrote:

> I've created a special user to backup a server which has some users
> who don't want all their files backed up, so I'm trying to address
> their concerns by using the uid= and gid= lines in rsyncd.conf to
> have the rsyncd run with 'uid=backuppc' and 'gid=backuppc' privs, set
> in the global section. Then I add backuppc to the appropriate group
> in /etc/group as below.
>
> In this way, rsync will have read permissions only for those users who
> have made their files g+rX and who have agreed to have the backuppc
> user added to their group in /etc/group.
>
> ie 'minas' is a user who has his /home/dir set as
> drwxr-x--- 39 minas minas 4096 2009-02-06 23:01 /home/minas
>
> I've tried to address this by setting his /etc/group line as:
>
> minas:x:1000:backuppc
>
> expecting that since 'backuppc' is now a member of the 'minas' group,
> rsync running with 'backuppc' privs can read the files 'minas' user
> allows the 'minas' group to read. This change allows the 'backuppc'
> user to read those files from the shell.
>
> However, this does not work for the backup (rsyncd refuses to read the
> files with an entry in /var/log/rsyncd.log:

On Fri, 2009-02-13 at 09:21 -0800, Harry Mangalam wrote:

> 2009/02/13 09:06:28 [9818] rsync: link_stat "." (in minas) failed:
> Permission denied (13)

The problem is that the daemon takes on only the specified uid and gid, not the supplementary groups of the uid. The attached patch (also in wip/supplementary-groups of my repository) adds a daemon parameter to take on the supplementary groups. Please test this and tell us whether it works for you.

-- 
Matt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: supplementary-groups.patch
Type: text/x-patch
Size: 4952 bytes
Desc: not available
Url : http://lists.samba.org/archive/rsync/attachments/20090214/4be7def4/supplementary-groups.bin
Harry, please CC rsync@lists.samba.org in your replies so that others can help and your messages are archived for others' future benefit.

On Tue, 2009-02-17 at 09:02 -0800, Harry Mangalam wrote:

> Thanks for the info and patch - I'm just about to try it. I take it
> the patches are against 3.0.5?

On Tue, 2009-02-17 at 15:59 -0800, Harry Mangalam wrote:

> Your patch is failing on the released 3.0.5 source, so I assume 3.0.5
> is not the target. What is? Or failing that, what is 'your'
> repository?

The original patch was against the latest development rsync (see "Source repository" on http://rsync.samba.org/download.html ). The attached one will work on rsync 3.0.5. There was a minor conflict with improvements made to the daemon configuration code since 3.0.5.

> Also, are you saying that it's rsync itself rather than the underlying
> permission system that allows it take on the supplementary group
> permissions? I thought that it was the *ix file / group system that
> did this.

The permission system just associates a list of supplementary groups with each process. Each program that changes its uid (the most common examples being login(1) and su(1)) is responsible for calling initgroups(3) to parse /etc/group and take on the corresponding supplementary groups.

-- 
Matt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: supplementary-groups-v3.0.5.patch
Type: text/x-patch
Size: 4954 bytes
Desc: not available
Url : http://lists.samba.org/archive/rsync/attachments/20090218/bd593af4/supplementary-groups-v3.0.5.bin
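The point Matt makes in the two messages above (a daemon that only does setgid()+setuid() keeps root's empty supplementary-group list, and it is the program's job to call initgroups(3) before dropping uid) is easiest to see in a small privilege-drop routine. The following is an added illustration written for this page, not code from rsync or from the patches in the thread. It assumes a Linux/glibc system; the user and group names passed on the command line (e.g. backuppc and minas, as in Harry's setup) are whatever the reader's system actually has. Each step is verified rather than assumed, including that the drop is permanent:

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Outcome of become_user(); every step is checked rather than assumed. */
enum drop_status {
    DROP_OK = 0,
    DROP_NO_SUCH_USER,      /* getpwnam() found no such account            */
    DROP_NOT_ROOT,          /* unprivileged caller: cannot change identity */
    DROP_INITGROUPS_FAILED, /* supplementary groups were not taken on      */
    DROP_SETGID_FAILED,
    DROP_SETUID_FAILED,
    DROP_STILL_PRIVILEGED   /* setuid(0) still works: drop was not real    */
};

/* Switch from root to `user` the way login(1)/su(1) do.  Order matters:
 * initgroups() and setgid() need root, so they must run before setuid().
 * A daemon that does only setgid()+setuid() keeps root's supplementary
 * groups (normally none), which is why a membership added in /etc/group
 * is invisible to it even though a shell login for the same user sees it. */
enum drop_status become_user(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return DROP_NO_SUCH_USER;
    if (geteuid() != 0)
        return DROP_NOT_ROOT;
    /* Read /etc/group (via NSS) and install the user's whole group list. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return DROP_INITGROUPS_FAILED;
    if (setgid(pw->pw_gid) != 0)
        return DROP_SETGID_FAILED;
    if (setuid(pw->pw_uid) != 0)
        return DROP_SETUID_FAILED;
    /* Prove the drop is permanent: if uid 0 can be regained, only the
     * effective uid changed and the saved uid is still root. */
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return DROP_STILL_PRIVILEGED;
    return DROP_OK;
}

/* True if `g` is in the calling process's supplementary group list, i.e.
 * what the kernel will actually consult when it checks a g+rX directory. */
int have_supplementary_group(gid_t g)
{
    int n = getgroups(0, NULL);
    if (n <= 0)
        return 0;
    gid_t *list = calloc((size_t)n, sizeof *list);
    if (list == NULL)
        return 0;
    n = getgroups(n, list);
    int found = 0;
    for (int i = 0; i < n; i++) {
        if (list[i] == g) {
            found = 1;
            break;
        }
    }
    free(list);
    return found;
}

/* Resolve a group name to its gid; returns 0 and sets *out on success. */
int gid_of(const char *name, gid_t *out)
{
    struct group *gr = getgrnam(name);
    if (gr == NULL)
        return -1;
    *out = gr->gr_gid;
    return 0;
}

/* Usage (as root):  ./drop backuppc minas
 * Drops to `backuppc`, then reports whether group `minas` is active. */
int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <user> <group-to-check>\n", argv[0]);
        return 2;
    }
    enum drop_status st = become_user(argv[1]);
    if (st != DROP_OK) {
        fprintf(stderr, "become_user(%s) failed with status %d\n", argv[1], (int)st);
        return 1;
    }
    gid_t g;
    if (gid_of(argv[2], &g) != 0) {
        fprintf(stderr, "unknown group %s\n", argv[2]);
        return 1;
    }
    printf("now uid=%u gid=%u; group %s (%u) %s\n",
           (unsigned)getuid(), (unsigned)getgid(), argv[2], (unsigned)g,
           have_supplementary_group(g) ? "is active" : "is NOT active");
    return 0;
}
```

Commenting out the initgroups() call and re-running as root reproduces the thread's symptom: the process reports the target uid and gid correctly, yet the group added in /etc/group is "NOT active" and a g+rX directory owned by that group stays unreadable (EACCES on stat, the "link_stat ... Permission denied (13)" Harry saw).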
On Sat, Feb 14, 2009 at 08:53:22PM -0500, Matt McCutchen wrote:

> The attached patch (also in wip/supplementary-groups of my repository)
> adds a daemon parameter to take on the supplementary groups.

I went a little different route than this path by allowing the user to specify one or more groups via the gid setting. It will also expand the string "*" (if specified as the first item) into the normal grouplist for the requested user. I then changed a non-super-user daemon-run to default the uid/gid parameters to NULL, which allows rsync to know if the user requested a value, and it will now complain if a specified setting fails. A super-user run still defaults to nobody if unspecified.

..wayne..
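Wayne's variant is the form that shipped in rsync 3.0.6 and later, where "gid" accepts a list and a leading "*" expands to the user's normal group list. The fragment below is an added example for this page, not from the thread; it reuses the uid/gid names from Harry's rsyncd.conf and assumes backuppc has been listed in the minas group in /etc/group as he described:

```ini
# Before: rsyncd takes on exactly uid/gid backuppc. The supplementary
# groups listed for backuppc in /etc/group are never consulted, so a
# drwxr-x--- minas minas home directory is unreadable to the daemon.
uid = backuppc
gid = backuppc

# After (rsync 3.0.6 and later): every gid after the first becomes a
# supplementary group. Either name the groups explicitly...
uid = backuppc
gid = backuppc minas

# ...or put '*' first so rsync takes on the daemon user's full group
# list from /etc/group, as initgroups(3) would for a login.
uid = backuppc
gid = *
```

With the explicit list, a user who later withdraws consent is dropped by removing their group from the gid line even if the /etc/group membership lingers; with "*", consent is governed purely by /etc/group, which matches the opt-in scheme Harry set out in the first message. In either case the daemon still reads only what the group bits allow, so files the owner keeps at mode 0600 remain excluded.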