Solved

Permission denied errors when using rsyncd as root

Posted on 2016-08-08
7
208 Views
Last Modified: 2016-08-14
I'm using Backuppc for backup, and I'm setting up a new Centos 7 host. I have set it up in Backuppc same as my other Linux host, but when the backup runs, most files are skipped due to permission errors:

...
Remote[1]: rsync: readlink_stat("/usr/libexec/dovecot/auth" (in backup)) failed: Permission denied (13)
Remote[1]: rsync: readlink_stat("/usr/libexec/dovecot/dovecot-lda" (in backup)) failed: Permission denied (13)
Remote[1]: rsync: opendir "/mnt" (in backup) failed: Permission denied (13)
Remote[1]: rsync: opendir "/srv" (in backup) failed: Permission denied (13)
....

Open in new window


'rsyncd' appears to be running as root on the new server:

[root@localhost html]# ps -ef|grep rsync
root     19246     1  0 10:39 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
root     20845 17488  0 11:47 pts/1    00:00:00 grep --color=auto rsync

Open in new window



My rsyncd.conf file specifies root as the uid/gid:

# /etc/rsyncd: configuration file for rsync daemon mode

# See rsyncd.conf man page for more options.

# configuration example:

# uid = nobody
# gid = nobody
# use chroot = yes
# max connections = 4
pid file = /var/run/rsyncd.pid
# exclude = lost+found/
# transfer logging = yes
# timeout = 900
# ignore nonreadable = yes
# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2

# [ftp]
#        path = /home/ftp
#        comment = ftp export area
max connections = 2
log file = /var/log/rsync.log
timeout = 300

[backup]
comment = share for backup
path = /
read only = no
list = yes
uid = root   
gid = root
auth users = root
secrets file = /etc/rsyncd.secrets

Open in new window


What am I missing?? Why can't the remote backup s/w read the files?

Thanks.
0
Comment
Question by:JPNeron
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 20

Expert Comment

by:carlmd
ID: 41748513
rsync will login on the remote server as whatever user started the job on the host server.

For example, if run or an "at" job started from you user id, that is what it will use unless told otherwise.

If you login or become root on the host, then launch the job, what happens?
0
 

Author Comment

by:JPNeron
ID: 41748949
It's not possible to run the backup command as anyone other than the backuppc user.

In my 'rsyncd.conf' file, in the [backup] stanza, I'm explicitly setting the user and group id to 'root'. Isn't that the way to do it?
0
 
LVL 20

Expert Comment

by:carlmd
ID: 41749010
I do not normally run rsync as a daemon. Typically this is only done when the host is not running SSH or RSH, such that it can be contacted by other computers with rsync using port 873. Is that your case? If not, then stop the daemon and just try rsync without using that.
0
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

 

Author Comment

by:JPNeron
ID: 41749018
Typically this is only done when the host is not running SSH or RSH, such that it can be contacted by other computers with rsync using port 873. Is that your case?

Yes, that is exactly what it does. The backup server connects to the client using rsync on port 873.
0
 

Author Comment

by:JPNeron
ID: 41749036
As an experiment, I changed the uid/gid in the rsyncd.conf file from user 'root' to user 'appx' and ran a backup. I checked to see what rsync programs were running on the client, and rsync was now running as user 'appx':

root     10919     1  0 10:23 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
appx     13026 10919  0 10:52 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
root     13274 12814  0 10:53 pts/1    00:00:00 grep --color=auto rsync

Open in new window


So it seems like the setup in  rsyncd.conf is correct. I did this same test this earlier when the conf file specified 'root' as the user, and it was running as 'root' as it should be.

More info from the backup log:

full backup started for directory backup (baseline backup #3)
started full dump, share=backup
Connected to centos7:873, remote version 30
Negotiated protocol version 28
Connected to module backup
Sending args: --server --sender --numeric-ids --perms --owner --group -D --links
 --hard-links --times --block-size=2048 --timeout=1000 --recursive --ignore-time
s . .
Sent exclude: /proc
Sent exclude: /media
Sent exclude: /home/jean/h
Sent exclude: /home/jean/k
Sent exclude: /home/jean/g
Sent exclude: /sys
Sent exclude: /backup
Sent exclude: /usr/src
Remote[1]: rsync: readlink_stat("/boot/System.map-3.10.0-327.el7.x86_64" (in bac
kup)) failed: Permission denied (13)
Remote[1]: rsync: readlink_stat("/boot/System.map-3.10.0-327.28.2.el7.x86_64" (i
n backup)) failed: Permission denied (13)
....

Open in new window

0
 

Accepted Solution

by:
JPNeron earned 0 total points
ID: 41749155
Found it.

The problem was 'selinux' enforcing some default policy. I don't need it, so I disabled selinux completely and now the permission errors are gone.

Thanks for listening...:-)

Jean
0
 

Author Closing Comment

by:JPNeron
ID: 41755366
Because I figured it out.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
VM backup deduplication is a method of reducing the amount of storage space needed to save VM backups. In most organizations, VMs contain many duplicate copies of data, such as VMs deployed from the same template, VMs with the same OS, or VMs that h…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question