?
Solved

Permission denied errors when using rsyncd as root

Posted on 2016-08-08
7
Medium Priority
?
496 Views
Last Modified: 2016-08-14
I'm using Backuppc for backup, and I'm setting up a new Centos 7 host. I have set it up in Backuppc same as my other Linux host, but when the backup runs, most files are skipped due to permission errors:

...
Remote[1]: rsync: readlink_stat("/usr/libexec/dovecot/auth" (in backup)) failed: Permission denied (13)
Remote[1]: rsync: readlink_stat("/usr/libexec/dovecot/dovecot-lda" (in backup)) failed: Permission denied (13)
Remote[1]: rsync: opendir "/mnt" (in backup) failed: Permission denied (13)
Remote[1]: rsync: opendir "/srv" (in backup) failed: Permission denied (13)
....

Open in new window


'rsyncd' appears to be running as root on the new server:

[root@localhost html]# ps -ef|grep rsync
root     19246     1  0 10:39 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
root     20845 17488  0 11:47 pts/1    00:00:00 grep --color=auto rsync

Open in new window



My rsyncd.conf file specifies root as the uid/gid:

# /etc/rsyncd: configuration file for rsync daemon mode

# See rsyncd.conf man page for more options.

# configuration example:

# uid = nobody
# gid = nobody
# use chroot = yes
# max connections = 4
pid file = /var/run/rsyncd.pid
# exclude = lost+found/
# transfer logging = yes
# timeout = 900
# ignore nonreadable = yes
# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2

# [ftp]
#        path = /home/ftp
#        comment = ftp export area
max connections = 2
log file = /var/log/rsync.log
timeout = 300

[backup]
comment = share for backup
path = /
read only = no
list = yes
uid = root   
gid = root
auth users = root
secrets file = /etc/rsyncd.secrets

Open in new window


What am I missing?? Why can't the remote backup s/w read the files?

Thanks.
0
Comment
Question by:JPNeron
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 20

Expert Comment

by:carlmd
ID: 41748513
rsync will login on the remote server as whatever user started the job on the host server.

For example, if run or an "at" job started from you user id, that is what it will use unless told otherwise.

If you login or become root on the host, then launch the job, what happens?
0
 

Author Comment

by:JPNeron
ID: 41748949
It's not possible to run the backup command as anyone other than the backuppc user.

In my 'rsyncd.conf' file, in the [backup] stanza, I'm explicitly setting the user and group id to 'root'. Isn't that the way to do it?
0
 
LVL 20

Expert Comment

by:carlmd
ID: 41749010
I do not normally run rsync as a daemon. Typically this is only done when the host is not running SSH or RSH, such that it can be contacted by other computers with rsync using port 873. Is that your case? If not, then stop the daemon and just try rsync without using that.
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 

Author Comment

by:JPNeron
ID: 41749018
Typically this is only done when the host is not running SSH or RSH, such that it can be contacted by other computers with rsync using port 873. Is that your case?

Yes, that is exactly what it does. The backup server connects to the client using rsync on port 873.
0
 

Author Comment

by:JPNeron
ID: 41749036
As an experiment, I changed the uid/gid in the rsyncd.conf file from user 'root' to user 'appx' and ran a backup. I checked to see what rsync programs were running on the client, and rsync was now running as user 'appx':

root     10919     1  0 10:23 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
appx     13026 10919  0 10:52 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
root     13274 12814  0 10:53 pts/1    00:00:00 grep --color=auto rsync

Open in new window


So it seems like the setup in  rsyncd.conf is correct. I did this same test this earlier when the conf file specified 'root' as the user, and it was running as 'root' as it should be.

More info from the backup log:

full backup started for directory backup (baseline backup #3)
started full dump, share=backup
Connected to centos7:873, remote version 30
Negotiated protocol version 28
Connected to module backup
Sending args: --server --sender --numeric-ids --perms --owner --group -D --links
 --hard-links --times --block-size=2048 --timeout=1000 --recursive --ignore-time
s . .
Sent exclude: /proc
Sent exclude: /media
Sent exclude: /home/jean/h
Sent exclude: /home/jean/k
Sent exclude: /home/jean/g
Sent exclude: /sys
Sent exclude: /backup
Sent exclude: /usr/src
Remote[1]: rsync: readlink_stat("/boot/System.map-3.10.0-327.el7.x86_64" (in bac
kup)) failed: Permission denied (13)
Remote[1]: rsync: readlink_stat("/boot/System.map-3.10.0-327.28.2.el7.x86_64" (i
n backup)) failed: Permission denied (13)
....

Open in new window

0
 

Accepted Solution

by:
JPNeron earned 0 total points
ID: 41749155
Found it.

The problem was 'selinux' enforcing some default policy. I don't need it, so I disabled selinux completely and now the permission errors are gone.

Thanks for listening...:-)

Jean
0
 

Author Closing Comment

by:JPNeron
ID: 41755366
Because I figured it out.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
Are you looking to recover an email message or a contact you just deleted mistakenly? Or you are searching for a contact that you erased from your MS Outlook ‘Contacts’ folder and now realized that it was important.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question