Solved

Permission denied errors when using rsyncd as root

Posted on 2016-08-08
7
125 Views
Last Modified: 2016-08-14
I'm using Backuppc for backup, and I'm setting up a new Centos 7 host. I have set it up in Backuppc same as my other Linux host, but when the backup runs, most files are skipped due to permission errors:

...
Remote[1]: rsync: readlink_stat("/usr/libexec/dovecot/auth" (in backup)) failed: Permission denied (13)
Remote[1]: rsync: readlink_stat("/usr/libexec/dovecot/dovecot-lda" (in backup)) failed: Permission denied (13)
Remote[1]: rsync: opendir "/mnt" (in backup) failed: Permission denied (13)
Remote[1]: rsync: opendir "/srv" (in backup) failed: Permission denied (13)
....

Open in new window


'rsyncd' appears to be running as root on the new server:

[root@localhost html]# ps -ef|grep rsync
root     19246     1  0 10:39 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
root     20845 17488  0 11:47 pts/1    00:00:00 grep --color=auto rsync

Open in new window



My rsyncd.conf file specifies root as the uid/gid:

# /etc/rsyncd: configuration file for rsync daemon mode

# See rsyncd.conf man page for more options.

# configuration example:

# uid = nobody
# gid = nobody
# use chroot = yes
# max connections = 4
pid file = /var/run/rsyncd.pid
# exclude = lost+found/
# transfer logging = yes
# timeout = 900
# ignore nonreadable = yes
# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2

# [ftp]
#        path = /home/ftp
#        comment = ftp export area
max connections = 2
log file = /var/log/rsync.log
timeout = 300

[backup]
comment = share for backup
path = /
read only = no
list = yes
uid = root   
gid = root
auth users = root
secrets file = /etc/rsyncd.secrets

Open in new window


What am I missing?? Why can't the remote backup s/w read the files?

Thanks.
0
Comment
Question by:JPNeron
  • 5
  • 2
7 Comments
 
LVL 20

Expert Comment

by:carlmd
ID: 41748513
rsync will login on the remote server as whatever user started the job on the host server.

For example, if run or an "at" job started from you user id, that is what it will use unless told otherwise.

If you login or become root on the host, then launch the job, what happens?
0
 

Author Comment

by:JPNeron
ID: 41748949
It's not possible to run the backup command as anyone other than the backuppc user.

In my 'rsyncd.conf' file, in the [backup] stanza, I'm explicitly setting the user and group id to 'root'. Isn't that the way to do it?
0
 
LVL 20

Expert Comment

by:carlmd
ID: 41749010
I do not normally run rsync as a daemon. Typically this is only done when the host is not running SSH or RSH, such that it can be contacted by other computers with rsync using port 873. Is that your case? If not, then stop the daemon and just try rsync without using that.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 

Author Comment

by:JPNeron
ID: 41749018
Typically this is only done when the host is not running SSH or RSH, such that it can be contacted by other computers with rsync using port 873. Is that your case?

Yes, that is exactly what it does. The backup server connects to the client using rsync on port 873.
0
 

Author Comment

by:JPNeron
ID: 41749036
As an experiment, I changed the uid/gid in the rsyncd.conf file from user 'root' to user 'appx' and ran a backup. I checked to see what rsync programs were running on the client, and rsync was now running as user 'appx':

root     10919     1  0 10:23 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
appx     13026 10919  0 10:52 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
root     13274 12814  0 10:53 pts/1    00:00:00 grep --color=auto rsync

Open in new window


So it seems like the setup in  rsyncd.conf is correct. I did this same test this earlier when the conf file specified 'root' as the user, and it was running as 'root' as it should be.

More info from the backup log:

full backup started for directory backup (baseline backup #3)
started full dump, share=backup
Connected to centos7:873, remote version 30
Negotiated protocol version 28
Connected to module backup
Sending args: --server --sender --numeric-ids --perms --owner --group -D --links
 --hard-links --times --block-size=2048 --timeout=1000 --recursive --ignore-time
s . .
Sent exclude: /proc
Sent exclude: /media
Sent exclude: /home/jean/h
Sent exclude: /home/jean/k
Sent exclude: /home/jean/g
Sent exclude: /sys
Sent exclude: /backup
Sent exclude: /usr/src
Remote[1]: rsync: readlink_stat("/boot/System.map-3.10.0-327.el7.x86_64" (in bac
kup)) failed: Permission denied (13)
Remote[1]: rsync: readlink_stat("/boot/System.map-3.10.0-327.28.2.el7.x86_64" (i
n backup)) failed: Permission denied (13)
....

Open in new window

0
 

Accepted Solution

by:
JPNeron earned 0 total points
ID: 41749155
Found it.

The problem was 'selinux' enforcing some default policy. I don't need it, so I disabled selinux completely and now the permission errors are gone.

Thanks for listening...:-)

Jean
0
 

Author Closing Comment

by:JPNeron
ID: 41755366
Because I figured it out.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question