On Tue, Jan 27, 2004 at 04:31:53PM -0800, AI Connex wrote:
I use rsync to mirror several servers.
I run RH7.3
My rsyncd.conf file is:
motd file = /etc/rsync.d/rsync.motd
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
hosts allow = 10.1.2.200 10.1.2.201
hosts deny = 0.0.0.0/0.0.0.0
use chroot = yes
max connections = 3
#syslog facility =
[website]
path = /var/www/website
comment = Connex Live WWW Server
uid = nobody
gid = nobody
read only = no
list = yes
auth users = someone,root
secrets file = /etc/rsync.d/rsync.secrets
I use the --rsh=ssh option to use a ssh protocol
A typical script contains:
#!/bin/ash
PATH=/usr/local/bin:/bin:/usr/bin
### Setting user
USER=root
echo Synchronizing Website
#echo
rsync --rsh=ssh \
--password-file=/root/.rsyncpwd \
--compress --recursive --times --perms --links --owner --group \
--include web_order* --include web_user.* --include
web_user_c* --include web_user_h* \
--include web_user_l* --include web_org* --include web_in* --include
web_quote* \
--include quick_connect.* \
--exclude * \
10.1.2.190::website /var/www/website
Everything worked perfectly.
I am now getting the error
@ERROR: access denied to server.domain.com from unknown (0.0.0.0)
The question is, what changed?
If I changed the script so I do not use a ssh shell, everything works fine.
I have hunted the web for a solution, but no joy.
Please advise how I correct the problem.
As near as i can tell it never should have worked because
a local connection, via ssh, would never be allowed access with hosts
allow clause unless perhaps one of the hosts listed were
0.0.0.0
I've attached an UNTESTED patch (against CVS HEAD but should
be applicable to some older versions) that disables hosts
[allow|deny] for rsync over ssh so that the same config file
may be used for both ssh and direct socket connections.
--
J.W. SchultzPegasystems Technologies
email address: [EMAIL PROTECTED]
Remember Cernan and Schmitt
? ..clientserver.patch
Index: clientserver.c
===
RCS file: /data/cvs/rsync/clientserver.c,v
retrieving revision 1.115
diff -u -p -r1.115 clientserver.c
--- clientserver.c 27 Jan 2004 07:57:12 - 1.115
+++ clientserver.c 28 Jan 2004 01:02:45 -
@@ -226,17 +226,16 @@ static int rsync_module(int f_in, int f_
int ret;
char *request=NULL;
- if (!allow_access(addr, host, lp_hosts_allow(i), lp_hosts_deny(i))) {
+ if (am_daemon am_server) {
+ rprintf(FINFO, rsync allowed access on module %s from %s (%s)\n,
+ name, host, addr);
+ }
+ else if (!allow_access(addr, host, lp_hosts_allow(i), lp_hosts_deny(i))) {
rprintf(FERROR,rsync denied on module %s from %s (%s)\n,
name, host, addr);
io_printf(f_out, @ERROR: access denied to %s from %s (%s)\n,
name, host, addr);
return -1;
- }
-
- if (am_daemon am_server) {
- rprintf(FINFO, rsync allowed access on module %s from %s (%s)\n,
- name, host, addr);
}
if (!claim_connection(lp_lock_file(i), lp_max_connections(i))) {
--
To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
