Permission denied errors when using rsyncd as root

I'm using Backuppc for backup, and I'm setting up a new Centos 7 host. I have set it up in Backuppc same as my other Linux host, but when the backup runs, most files are skipped due to permission errors:

...
Remote[1]: rsync: readlink_stat("/usr/libexec/dovecot/auth" (in backup)) failed: Permission denied (13)
Remote[1]: rsync: readlink_stat("/usr/libexec/dovecot/dovecot-lda" (in backup)) failed: Permission denied (13)
Remote[1]: rsync: opendir "/mnt" (in backup) failed: Permission denied (13)
Remote[1]: rsync: opendir "/srv" (in backup) failed: Permission denied (13)
....

Open in new window


'rsyncd' appears to be running as root on the new server:

[root@localhost html]# ps -ef|grep rsync
root     19246     1  0 10:39 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
root     20845 17488  0 11:47 pts/1    00:00:00 grep --color=auto rsync

Open in new window



My rsyncd.conf file specifies root as the uid/gid:

# /etc/rsyncd: configuration file for rsync daemon mode

# See rsyncd.conf man page for more options.

# configuration example:

# uid = nobody
# gid = nobody
# use chroot = yes
# max connections = 4
pid file = /var/run/rsyncd.pid
# exclude = lost+found/
# transfer logging = yes
# timeout = 900
# ignore nonreadable = yes
# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2

# [ftp]
#        path = /home/ftp
#        comment = ftp export area
max connections = 2
log file = /var/log/rsync.log
timeout = 300

[backup]
comment = share for backup
path = /
read only = no
list = yes
uid = root   
gid = root
auth users = root
secrets file = /etc/rsyncd.secrets

Open in new window


What am I missing?? Why can't the remote backup s/w read the files?

Thanks.
JPNeronAsked:
Who is Participating?
 
JPNeronConnect With a Mentor Author Commented:
Found it.

The problem was 'selinux' enforcing some default policy. I don't need it, so I disabled selinux completely and now the permission errors are gone.

Thanks for listening...:-)

Jean
0
 
carlmdCommented:
rsync will login on the remote server as whatever user started the job on the host server.

For example, if run or an "at" job started from you user id, that is what it will use unless told otherwise.

If you login or become root on the host, then launch the job, what happens?
0
 
JPNeronAuthor Commented:
It's not possible to run the backup command as anyone other than the backuppc user.

In my 'rsyncd.conf' file, in the [backup] stanza, I'm explicitly setting the user and group id to 'root'. Isn't that the way to do it?
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
carlmdCommented:
I do not normally run rsync as a daemon. Typically this is only done when the host is not running SSH or RSH, such that it can be contacted by other computers with rsync using port 873. Is that your case? If not, then stop the daemon and just try rsync without using that.
0
 
JPNeronAuthor Commented:
Typically this is only done when the host is not running SSH or RSH, such that it can be contacted by other computers with rsync using port 873. Is that your case?

Yes, that is exactly what it does. The backup server connects to the client using rsync on port 873.
0
 
JPNeronAuthor Commented:
As an experiment, I changed the uid/gid in the rsyncd.conf file from user 'root' to user 'appx' and ran a backup. I checked to see what rsync programs were running on the client, and rsync was now running as user 'appx':

root     10919     1  0 10:23 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
appx     13026 10919  0 10:52 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
root     13274 12814  0 10:53 pts/1    00:00:00 grep --color=auto rsync

Open in new window


So it seems like the setup in  rsyncd.conf is correct. I did this same test this earlier when the conf file specified 'root' as the user, and it was running as 'root' as it should be.

More info from the backup log:

full backup started for directory backup (baseline backup #3)
started full dump, share=backup
Connected to centos7:873, remote version 30
Negotiated protocol version 28
Connected to module backup
Sending args: --server --sender --numeric-ids --perms --owner --group -D --links
 --hard-links --times --block-size=2048 --timeout=1000 --recursive --ignore-time
s . .
Sent exclude: /proc
Sent exclude: /media
Sent exclude: /home/jean/h
Sent exclude: /home/jean/k
Sent exclude: /home/jean/g
Sent exclude: /sys
Sent exclude: /backup
Sent exclude: /usr/src
Remote[1]: rsync: readlink_stat("/boot/System.map-3.10.0-327.el7.x86_64" (in bac
kup)) failed: Permission denied (13)
Remote[1]: rsync: readlink_stat("/boot/System.map-3.10.0-327.28.2.el7.x86_64" (i
n backup)) failed: Permission denied (13)
....

Open in new window

0
 
JPNeronAuthor Commented:
Because I figured it out.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.