samba-bugs at samba.org
2014-Dec-17 02:41 UTC
[Bug 11013] New: [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage
https://bugzilla.samba.org/show_bug.cgi?id=11013

Bug ID: 11013
Summary: [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage
Product: rsync
Version: 3.1.1
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P5
Component: core
Assignee: wayned at samba.org
Reporter: m at mmap.at
QA Contact: rsync-qa at samba.org

Created attachment 10544
  --> https://bugzilla.samba.org/attachment.cgi?id=10544&action=edit
Proposed patch for rsyncd.conf.yo

The manpage of rsyncd.conf says when "use chroot" is enabled this is "as though --numeric-ids had been specified".

When rsyncing a file from host A to host B using:

    rsync -av sometestfile rsync://some_test_user@hostB/backup/

the uid and the gid of the source file on host A are not set accordingly on host B. Even not if --numeric-ids is specified explicitly, on both server and client side.

Relevant part of the server config:

    use chroot = yes

    [backup]
        list = yes
        path = /zdata/backup/
        comment = Some comment
        read only = no
        auth users = some_test_user
        secrets file = /usr/local/etc/rsync/rsyncd.secrets
        numeric ids = yes

I fixed that by adding "uid = root" to rsyncd.conf.

The manpage does not mention that behavior at all.

--
You are receiving this mail because:
You are the QA Contact for the bug.
Kevin Korb
2014-Dec-17 02:45 UTC
[Bug 11013] New: [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage
Only root can chown. If rsync isn't running as root then it ignores the --owner part of --archive. This also makes --numeric-ids inert.

Simply put, if you aren't running as root then you can only create files owned by your UID. Rsync knows this. Rsync assumes that if you aren't root you didn't intend the --owner (or --group) part of --archive and it ignores those features.

On 12/16/2014 09:41 PM, samba-bugs at samba.org wrote:
> https://bugzilla.samba.org/show_bug.cgi?id=11013
>
> Bug ID: 11013
> Summary: [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage
> Product: rsync
> Version: 3.1.1
> Hardware: All
> OS: All
> Status: NEW
> Severity: trivial
> Priority: P5
> Component: core
> Assignee: wayned at samba.org
> Reporter: m at mmap.at
> QA Contact: rsync-qa at samba.org
>
> Created attachment 10544
>   --> https://bugzilla.samba.org/attachment.cgi?id=10544&action=edit
> Proposed patch for rsyncd.conf.yo
>
> The manpage of rsyncd.conf says when "use chroot" is enabled this is "as though --numeric-ids had been specified".
>
> When rsyncing a file from host A to host B using:
>
>     rsync -av sometestfile rsync://some_test_user@hostB/backup/
>
> the uid and the gid of the source file on host A are not set accordingly on host B. Even not if --numeric-ids is specified explicitly, on both server and client side.
>
> Relevant part of the server config:
>
>     use chroot = yes
>
>     [backup]
>         list = yes
>         path = /zdata/backup/
>         comment = Some comment
>         read only = no
>         auth users = some_test_user
>         secrets file = /usr/local/etc/rsync/rsyncd.secrets
>         numeric ids = yes
>
> I fixed that by adding "uid = root" to rsyncd.conf.
>
> The manpage does not mention that behavior at all.

--
Kevin Korb                      Phone:    (407) 252-6853
Systems Administrator           Internet:
FutureQuest, Inc.               Kevin at FutureQuest.net  (work)
Orlando, Florida                kmk at sanitarium.net (personal)
Web page:                       http://www.sanitarium.net/
PGP public key available on web site.
Karl O. Pinc
2014-Dec-17 15:12 UTC
[Bug 11013] New: [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage
On 12/16/2014 08:45:15 PM, Kevin Korb wrote:
> Only root can chown. If rsync isn't running as root then it ignores
> the --owner part of --archive. This also makes --numeric-ids inert.
>
> Simply put, if you aren't running as root then you can only create
> files owned by your UID. Rsync knows this. Rsync assumes that if you
> aren't root you didn't intend the --owner (or --group) part of
> --archive and it ignores those features.

Rsync has enough options that it seems it can be smarter than its users. It could be worth adding a --stupid option to tell rsync to be stupid and complain instead of doing smart things. This would help people diagnose just what rsync is doing.

I'm sure this is a lot more work than it sounds. There might be better ways of reporting what's happening than by complaining. A displayed table of which options are on/off or have what value comes to mind.

(Too bad that --stupid would not be the right option name for this. :-)

Just a thought.

Karl <kop at meme.com>
Free Software: "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
samba-bugs at samba.org
2015-Dec-21 19:58 UTC
[Bug 11013] [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage
https://bugzilla.samba.org/show_bug.cgi?id=11013

Wayne Davison <wayned at samba.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Wayne Davison <wayned at samba.org> ---
I've improved the "use chroot" & "numeric ids" sections to make this a little clearer.
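
The behaviour discussed in this thread, as an added example that is not part of the thread or of rsync's code: a small audit of an rsyncd.conf that reports which uid each module transfers as and whether it can therefore chown received files. It assumes the rsyncd.conf(5) defaults (a daemon started by root switches to "nobody" when no uid is set; modules are read only unless told otherwise). The parser is simplified (no includes or line continuations), and SAMPLE_CONF and the function names are constructed for illustration.

```python
# Added example, not rsync code. SAMPLE_CONF is constructed; helper names are hypothetical.
SAMPLE_CONF = """\
use chroot = yes

[backup]
    path = /zdata/backup/
    read only = no
    numeric ids = yes

[backup_root]
    path = /zdata/backup/
    read only = no
    uid = root
"""

def parse_rsyncd_conf(text):
    """Return {module: params}; each module inherits the global parameters."""
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), dict(globals_))
            continue
        name, _, value = line.partition("=")
        target = globals_ if current is None else current
        target[" ".join(name.split()).lower()] = value.strip()
    return modules

def audit(text, daemon_is_root=True):
    """Report per module whether received files can keep their owner."""
    report = {}
    for name, p in parse_rsyncd_conf(text).items():
        # Documented default: a daemon started by root switches to "nobody".
        uid = p.get("uid", "nobody" if daemon_is_root else "(unchanged)")
        runs_as_root = daemon_is_root and uid in ("root", "0")
        writable = p.get("read only", "yes").lower() in ("no", "false", "0")
        report[name] = {
            "uid": uid,
            "can_chown": runs_as_root,
            "writable_as_root": runs_as_root and writable,
        }
    return report

if __name__ == "__main__":
    for module, result in audit(SAMPLE_CONF).items():
        print(module, result)
```

A module flagged `writable_as_root` preserves ownership, as in the reporter's fix, at the cost of accepting uploads with root privileges inside the module path.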