Re: getting rid of permission denied partial transfer errors
Jim Salter wrote: yeah, except that the directory is not 700 but 600, so even user backup cannot traverse it... but root can. Have you considered using sudo such that the fileserver isn't actually logging into the backupserver as root, but only logging in as a heavily *un*privileged account which can do nothing but run a script chmodded 750 and chowned root.backup, which then sudo's rsync to do your bidding? Sorry for the late reply. I have been thinking about this, but i can't figure out how to use sudo effectively. You are suggesting to use sudo to run the script. However, my concern is that to run rsync inside the script, root priviledges must be granted to some user (remember the ssh shell), so that triggering synchronization is possible, but the script needs rights to log as root at the other end. When I use an SSH transport, that's how I use it. My servers won't allow remote root login to begin with (and that's the way I like it), and by doing it that way there's really nothing that compromising the backup account can do other than give someone the ability to run my daily backups for me. Not too scary, that. Does the backup script have read access to the files? Mine doesn't, as stated above, and that's where everything screws up. :-( By the way, can a user be granted read access of everything without any other right? I have chosen to ignore the errors, but i am still curious. -- Sayan -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: getting rid of permission denied partial transfer errors
Jim Salter wrote: The rsync command tries to send sample_file to the backup server, which cannot write it because it was not able to recurse into my_directory. Removing the -p switch and removing the backup file did not succeed, and rsync continued to preserve the perms even without the switch. I am running rsync 2.5.5 on debian woody/stable. Hm. You apparently missed something when you tried changing the switches - if you aren't running rsync with -a, -o, or -g, it won't create files or directories as owned by anyone but the user context it is running under. So permissions are no longer a problem, because even if a directory is 700, when it's owned on the backup server by user backup, user backup can of course traverse it. yeah, except that the directory is not 700 but 600, so even user backup cannot traverse it... but root can. -- Sayan -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
getting rid of permission denied partial transfer errors
Hi, I am currently setting up a backup script for the /home directory of a server. I send all the files on a remote machine through LAN connection using rsync to optimize bandwidth usage. The script is run as root on the server by a cron job but rsync connects to the remote machine as a normal user via an ssh key certificate. This leads to many permission denied errors, as the server side can read files (as root), but cannot create them on the receiving side. rsync -azSHe ssh --delete --numeric-ids /home [EMAIL PROTECTED]:/mnt/backup/ Is there an option to ignore only such errors? I have read the man page over and over but i could not find anything to suit my needs. thanks -- Sayan -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: getting rid of permission denied partial transfer errors
Ron DuFresne wrote: sure avoid all perm/user issues by making the whole server suid. seen kids do that when they tired of having to su - root on their linux systems. this command is only one line extracted from a script. Syncing of other files require root privileges one the server side, eg squid logs. The alternative would be to enable ssh for root for those particular cron jobs make sure the sshd_config is edited to disable this mischeif after the job has run and send and recieve as root on both ends, and set the proper rsync switch to retain onwers/perms . i have tried to refrain from being root on both systems. ;-) The backup machine is quite paranoid, access is restricted by firewall filtering of the MAC/IP pairs. It would be quite disappointing to allow remote root access. I am having trouble with user/group matching, too, as a consequence. -- Sayan I am currently setting up a backup script for the /home directory of a server. I send all the files on a remote machine through LAN connection using rsync to optimize bandwidth usage. The script is run as root on the server by a cron job but rsync connects to the remote machine as a normal user via an ssh key certificate. This leads to many permission denied errors, as the server side can read files (as root), but cannot create them on the receiving side. rsync -azSHe ssh --delete --numeric-ids /home [EMAIL PROTECTED]:/mnt/backup/ Is there an option to ignore only such errors? I have read the man page over and over but i could not find anything to suit my needs. -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: getting rid of permission denied partial transfer errors
jw schultz wrote: On Mon, Dec 22, 2003 at 09:11:26PM +0100, Sayan wrote: I am currently setting up a backup script for the /home directory of a server. I send all the files on a remote machine through LAN connection using rsync to optimize bandwidth usage. The script is run as root on the server by a cron job but rsync connects to the remote machine as a normal user via an ssh key certificate. This leads to many permission denied errors, as the server side can read files (as root), but cannot create them on the receiving side. rsync -azSHe ssh --delete --numeric-ids /home [EMAIL PROTECTED]:/mnt/backup/ Is there an option to ignore only such errors? I have read the man page over and over but i could not find anything to suit my needs. Why ignore the errors? They are meaningfull unless you don't really care about whether the backups are any good. I don't care if the backups of the users' homes are not perfect. Running as root on both sides is not an option, so there has to be limits anyway. Config files and logs are much more important, and backing up of the homes is bonus. As this command is run on a daily basis by a cron job, the same errors get reported every day. That's why i am looking for a way to suppress these particular error messages. (which i find perfectly normal btw) If you insist on doing it this way go to the backup server and chown the relevant file set to the account used. Then review your rsync arguments and eliminate any that are in conflict with running was a normal user: -a, -o, --numeric-ids, and probably -g That didn't solve the problem when i tested it some time ago. One failure example is trying to send files that cannot be written : Server side : dr--r--r-- my_directory dr--r--r-- my_directory\sample_file The rsync command tries to send sample_file to the backup server, which cannot write it because it was not able to recurse into my_directory. Removing the -p switch and removing the backup file did not succeed, and rsync continued to preserve the perms even without the switch. I am running rsync 2.5.5 on debian woody/stable. i have considered stripping the command down to the barest options (recursive compress and ssh) but the errors still get reported. -- Sayan -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
