Re: Sync files locally?

Thu, 28 Sep 2006 00:33:58 -0700 

Paul Schmehl wrote:
--On Wednesday, September 27, 2006 17:04:39 -0500 Dan Nelson <[EMAIL PROTECTED]> wrote: 

You could use rsync to do this, but It'd probably be easier to get your
remote rsync to drop the files in the right directory in the first place.


Hmmm...maybe I don't fully understand rsync.  The files are from a 
webserver and owned by www:www.  The rsync runs under my account, so the 
perms are changed to mine.  Maybe there's a switch with rsync that would 
allow me to sync directly?


I'll poke around the man page.  Thanks.



1) rsync changes behaviour depending on whether or not you include a 
trailing / from the man-page:


       rsync -av /src/foo /dest
       rsync -av /src/foo/ /dest/foo


works the same way, (and sync locally in this example). Read the man 
page, there are lots of examples.



2) The options -t and -p preserve time and permissions respectively. 
Ownership will always change to the user running rsync unless you run as 
root. This has nothing to do with rsync, you can't run chown as an 
ordinary user.


You can preserve the group if you're in that group on the destination host.


3) The files you are syncing - should they be writeable by www? For 
security, you may really want something like this:


  -rw-r----- user:www    file


and have user do the rsync. If you really need to have www write to the 
file, set group permissions +w.



Personally, I have all my web-pages owned by me, and let apache access 
read-only. Log-files generated are owned by apache, but I don't back 
these up since they are continuously generated and rotated out. The 
config file is also only readable by apache, I don't want the risk of 
some exploit committing changes to the config file.



It might be useful to have a separate dir where apache can store files 
with write permissions and owned by apache. But this depends on the web 
apps you deploy.



IIRC to run rsync over ssh the user doing the syncing must have shell 
access, running your sync as root is not desirable, it MAY be preferred 
to have it run as www to preserve owner also, at least you can restrict 
access for www.


Cheers, Erik
--
Ph: +34.666334818                      web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"






















					Reply via email to