It seems to me that there must be a more fundamental problem with the
security model of that backup system if users had the ability to read each
other's files.  Even with a "write only" option, they can overwrite each
other's files, right?  What if somebody overwrites a crucial file in
somebody else's area, and that file gets restored from backup?  I think a
better solution would be to ensure that only the root user has any access
to the backup area, probably by using a "secrets file" and a --password-file
that's readable only by root, or better yet by using ssh and a public/private
key pair.

- Dave Dykstra


On Sat, Feb 23, 2002 at 02:14:57PM +0100, Jurij Smakov wrote:
> Hi!
> 
> I am doing backups from a number of machines to an rsync server. For some
> time I was trying to come up with a solution, which would prevent users
> from peeking at each other's files, which are backed up. Finally, I've
> hacked rsync, introducing a new option "write only" for rsyncd.conf. When
> set to true, this option forbids the transfers from server to the client,
> thus solving my problems. Below is a patch against rsync-2.5.2 which
> implements those changes. Hopefully, somebody else will find it useful. I
> apologize, if that's the wrong list to post such stuff.
> 
> --Cut here----------------------------------------------------------------
> diff -urN rsync-2.5.2.orig/loadparm.c rsync-2.5.2/loadparm.c
> --- rsync-2.5.2.orig/loadparm.c       Sun Dec  2 09:16:15 2001
> +++ rsync-2.5.2/loadparm.c    Sat Feb 23 13:48:12 2002
> @@ -117,6 +117,7 @@
>       char *comment;
>       char *lock_file;
>       BOOL read_only;
> +     BOOL write_only;
>       BOOL list;
>       BOOL use_chroot;
>       BOOL transfer_logging;
> @@ -149,6 +150,7 @@
>       NULL,    /* comment */
>       DEFAULT_LOCK_FILE,    /* lock file */
>       True,    /* read only */
> +     False,   /* write only */
>       True,    /* list */
>       True,    /* use chroot */
>       False,   /* transfer logging */
> @@ -265,6 +267,7 @@
>    {"lock file",        P_STRING,  P_LOCAL,  &sDefault.lock_file,   NULL,   0},
>    {"path",             P_STRING,  P_LOCAL,  &sDefault.path,        NULL,   0},
>    {"read only",        P_BOOL,    P_LOCAL,  &sDefault.read_only,   NULL,   0},
> +  {"write only",       P_BOOL,    P_LOCAL,  &sDefault.write_only,  NULL,   0},
>    {"list",             P_BOOL,    P_LOCAL,  &sDefault.list,        NULL,   0},
>    {"use chroot",       P_BOOL,    P_LOCAL,  &sDefault.use_chroot,  NULL,   0},
>    {"ignore nonreadable",P_BOOL,   P_LOCAL,  &sDefault.ignore_nonreadable,  NULL,   
>0},
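Review bot: Nothing in the visible loadparm.c hunks stops a module from having both `read only` and `write only` in effect, and the defaults table sets `read only` to `True`, so an admin who adds only `write only = yes` would presumably end up with a module that refuses transfers in both directions (assuming `read only` is enforced on the receive path, which is not shown here). A load-time warning for that combination, or at least a comment on the table entry such as `/* write only: refuses downloads; needs "read only = no" to be useful */`, would make the interaction explicit. The patch also carries no rsyncd.conf manual entry for the new parameter, so its exact guarantee is left undocumented.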
> @@ -342,6 +345,7 @@
>  FN_LOCAL_STRING(lp_path, path)
>  FN_LOCAL_STRING(lp_lock_file, lock_file)
>  FN_LOCAL_BOOL(lp_read_only, read_only)
> +FN_LOCAL_BOOL(lp_write_only, write_only)
>  FN_LOCAL_BOOL(lp_list, list)
>  FN_LOCAL_BOOL(lp_use_chroot, use_chroot)
>  FN_LOCAL_BOOL(lp_transfer_logging, transfer_logging)
> diff -urN rsync-2.5.2.orig/main.c rsync-2.5.2/main.c
> --- rsync-2.5.2.orig/main.c   Fri Jan 25 11:07:41 2002
> +++ rsync-2.5.2/main.c        Sat Feb 23 13:49:38 2002
> @@ -306,10 +306,19 @@
>       extern int relative_paths;
>       extern int recurse;
>       extern int remote_version;
> +     extern int am_daemon;
> +     extern int module_id;
> +     extern int am_sender;
> 
>       if (verbose > 2)
>               rprintf(FINFO,"server_sender starting pid=%d\n",(int)getpid());
> 
> +     if (am_daemon && lp_write_only(module_id) && am_sender) {
> +             rprintf(FERROR,"ERROR: module is write only\n");
> +             exit_cleanup(RERR_SYNTAX);
> +             return;
> +     }
> +
>       if (!relative_paths && !push_dir(dir, 0)) {
>               rprintf(FERROR,"push_dir %s: %s (3)\n",dir,strerror(errno));
>               exit_cleanup(RERR_FILESELECT);
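Review bot: The new `lp_write_only(module_id)` check sits only in the server-sender path shown in this hunk, so it refuses downloads but does not touch anything else the daemon returns about files already in the module; in particular the receiving side of an upload normally sends block checksums of existing destination files to the client as part of rsync's delta algorithm, and nothing here changes that. The option is therefore better described as "refuses downloads" than as a confidentiality boundary between users, and a comment above the check saying so, e.g. `/* write only: refuse downloads; does not hide checksums of existing files from uploading clients */`, would keep later readers from over-trusting it. Separately, the `am_sender` test looks redundant inside the sender function, and the `return;` after `exit_cleanup(RERR_SYNTAX)` is presumably unreachable. The enclosing function starts and ends outside the hunk, so this is judged from the visible lines only.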
> diff -urN rsync-2.5.2.orig/proto.h rsync-2.5.2/proto.h
> --- rsync-2.5.2.orig/proto.h  Sat Jan 26 00:07:33 2002
> +++ rsync-2.5.2/proto.h       Sat Feb 23 13:48:12 2002
> @@ -125,6 +125,7 @@
>  char *lp_path(int );
>  char *lp_lock_file(int );
>  BOOL lp_read_only(int );
> +BOOL lp_write_only(int );
>  BOOL lp_list(int );
>  BOOL lp_use_chroot(int );
>  BOOL lp_transfer_logging(int );
> --Cut here----------------------------------------------------------------
> 
> Best regards,
> 
> Jurij.
> 
> 
> 
