Permission denied errors when using rsyncd as root

Posted on 2016-08-08
Last Modified: 2016-08-14
I'm using BackupPC for backup, and I'm setting up a new CentOS 7 host. I have set it up in BackupPC the same as my other Linux host, but when the backup runs, most files are skipped due to permission errors:

...
Remote[1]: rsync: readlink_stat("/usr/libexec/dovecot/auth" (in backup)) failed: Permission denied (13)
Remote[1]: rsync: readlink_stat("/usr/libexec/dovecot/dovecot-lda" (in backup)) failed: Permission denied (13)
Remote[1]: rsync: opendir "/mnt" (in backup) failed: Permission denied (13)
Remote[1]: rsync: opendir "/srv" (in backup) failed: Permission denied (13)
....

'rsyncd' appears to be running as root on the new server:

[root@localhost html]# ps -ef|grep rsync
root     19246     1  0 10:39 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
root     20845 17488  0 11:47 pts/1    00:00:00 grep --color=auto rsync

My rsyncd.conf file specifies root as the uid/gid:

# /etc/rsyncd: configuration file for rsync daemon mode

# See rsyncd.conf man page for more options.

# configuration example:

# uid = nobody
# gid = nobody
# use chroot = yes
# max connections = 4
pid file = /var/run/rsyncd.pid
# exclude = lost+found/
# transfer logging = yes
# timeout = 900
# ignore nonreadable = yes
# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2

# [ftp]
#        path = /home/ftp
#        comment = ftp export area
max connections = 2
log file = /var/log/rsync.log
timeout = 300

[backup]
comment = share for backup
path = /
read only = no
list = yes
uid = root   
gid = root
auth users = root
secrets file = /etc/rsyncd.secrets

What am I missing?? Why can't the remote backup s/w read the files?

Thanks.
Question by:JPNeron
Expert Comment

by:carlmd
ID: 41748513
rsync will login on the remote server as whatever user started the job on the host server.

For example, if run or an "at" job started from your user id, that is what it will use unless told otherwise.

If you log in or become root on the host, then launch the job, what happens?

Author Comment

by:JPNeron
ID: 41748949
It's not possible to run the backup command as anyone other than the backuppc user.

In my 'rsyncd.conf' file, in the [backup] stanza, I'm explicitly setting the user and group id to 'root'. Isn't that the way to do it?

Expert Comment

by:carlmd
ID: 41749010
I do not normally run rsync as a daemon. Typically this is only done when the host is not running SSH or RSH, such that it can be contacted by other computers with rsync using port 873. Is that your case? If not, then stop the daemon and just try rsync without using that.

Author Comment

by:JPNeron
ID: 41749018
Typically this is only done when the host is not running SSH or RSH, such that it can be contacted by other computers with rsync using port 873. Is that your case?

Yes, that is exactly what it does. The backup server connects to the client using rsync on port 873.

Author Comment

by:JPNeron
ID: 41749036
As an experiment, I changed the uid/gid in the rsyncd.conf file from user 'root' to user 'appx' and ran a backup. I checked to see what rsync programs were running on the client, and rsync was now running as user 'appx':

root     10919     1  0 10:23 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
appx     13026 10919  0 10:52 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
root     13274 12814  0 10:53 pts/1    00:00:00 grep --color=auto rsync

So it seems like the setup in rsyncd.conf is correct. I did this same test earlier when the conf file specified 'root' as the user, and it was running as 'root' as it should be.

More info from the backup log:

full backup started for directory backup (baseline backup #3)
started full dump, share=backup
Connected to centos7:873, remote version 30
Negotiated protocol version 28
Connected to module backup
Sending args: --server --sender --numeric-ids --perms --owner --group -D --links --hard-links --times --block-size=2048 --timeout=1000 --recursive --ignore-times . .
Sent exclude: /proc
Sent exclude: /media
Sent exclude: /home/jean/h
Sent exclude: /home/jean/k
Sent exclude: /home/jean/g
Sent exclude: /sys
Sent exclude: /backup
Sent exclude: /usr/src
Remote[1]: rsync: readlink_stat("/boot/System.map-3.10.0-327.el7.x86_64" (in backup)) failed: Permission denied (13)
Remote[1]: rsync: readlink_stat("/boot/System.map-3.10.0-327.28.2.el7.x86_64" (in backup)) failed: Permission denied (13)
....


Accepted Solution

by:JPNeron
ID: 41749155
Found it.

The problem was 'selinux' enforcing some default policy. I don't need it, so I disabled selinux completely and now the permission errors are gone.

Thanks for listening...:-)

Jean

Author Closing Comment

by:JPNeron
ID: 41755366
Because I figured it out.
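
The accepted solution turns SELinux off entirely. As an added example (not part of the original thread), the script below summarises which SELinux denials hit the rsync daemon, so the cause can be confirmed and handled with an rsync-specific boolean instead. The audit records are constructed samples, and the function names are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example: find out what SELinux denied to the rsync daemon (domain rsync_t).

# Constructed audit.log records for illustration; not taken from the original post.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1470668400.101:501): avc:  denied  { getattr } for  pid=13026 comm="rsync" path="/boot/System.map-3.10.0-327.el7.x86_64" dev="sda1" ino=72 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file
type=AVC msg=audit(1470668400.140:502): avc:  denied  { read } for  pid=13026 comm="rsync" name="mnt" dev="dm-0" ino=131 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
type=AVC msg=audit(1470668400.152:503): avc:  denied  { read } for  pid=13026 comm="rsync" name="srv" dev="dm-0" ino=132 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1470668401.009:504): avc:  denied  { read } for  pid=900 comm="httpd" name="x" dev="dm-0" ino=9 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
EOF
}

# Read audit records on stdin and print "count target_type class permissions"
# for each distinct denial whose source domain is rsync_t.
rsync_avc_summary() {
    grep 'avc:  denied' | grep 'scontext=[^ ]*:rsync_t:' |
    sed -n 's/.*denied  { \([^}]*\) } .*tcontext=[^:]*:[^:]*:\([^:]*\):.*tclass=\([a-z_]*\).*/\2 \3 \1/p' |
    sort | uniq -c | awk '{$1=$1; print}'
}

# On the affected host (root, with the audit and policycoreutils tools installed).
live_check() {
    getenforce                                        # Enforcing, Permissive or Disabled
    ausearch -m AVC -c rsync -ts today | rsync_avc_summary
    getsebool rsync_export_all_ro rsync_full_access   # current boolean values
}

# Narrower change than disabling SELinux, if the summary shows rsync_t denials:
#   setsebool -P rsync_export_all_ro on   # daemon may read everything it exports
#   setsebool -P rsync_full_access on     # for restores that write into the module
# Boolean names are assumed from the stock rsync policy module; list them with
#   getsebool -a | grep rsync

# Demo on the constructed records (the httpd denial is filtered out).
sample_audit_log | rsync_avc_summary
```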