Paul Schmehl wrote:
--On Wednesday, September 27, 2006 17:04:39 -0500 Dan Nelson <[EMAIL PROTECTED]> wrote:

You could use rsync to do this, but It'd probably be easier to get your
remote rsync to drop the files in the right directory in the first place.

Hmmm...maybe I don't fully understand rsync. The files are from a webserver and owned by www:www. The rsync runs under my account, so the perms are changed to mine. Maybe there's a switch with rsync that would allow me to sync directly?

I'll poke around the man page.  Thanks.

1) rsync changes behaviour depending on whether or not you include a trailing / from the man-page:

       rsync -av /src/foo /dest
       rsync -av /src/foo/ /dest/foo

works the same way, (and sync locally in this example). Read the man page, there are lots of examples.

2) The options -t and -p preserve time and permissions respectively. Ownership will always change to the user running rsync unless you run as root. This has nothing to do with rsync, you can't run chown as an ordinary user.

You can preserve the group if you're in that group on the destination host.

3) The files you are syncing - should they be writeable by www? For security, you may really want something like this:

  -rw-r----- user:www    file

and have user do the rsync. If you really need to have www write to the file, set group permissions +w.

Personally, I have all my web-pages owned by me, and let apache access read-only. Log-files generated are owned by apache, but I don't back these up since they are continuously generated and rotated out. The config file is also only readable by apache, I don't want the risk of some exploit committing changes to the config file.

It might be useful to have a separate dir where apache can store files with write permissions and owned by apache. But this depends on the web apps you deploy.

IIRC to run rsync over ssh the user doing the syncing must have shell access, running your sync as root is not desirable, it MAY be preferred to have it run as www to preserve owner also, at least you can restrict access for www.

Cheers, Erik
Ph: +34.666334818                      web:
X.509 Certificate:
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to