On Sat, 2008-08-30 at 18:23 +0200, Keld Jørn Simonsen wrote:
> I run a mirror service where for gentoo I run rsync as a daemon.
> Currently the daemon runs as root to get the 873 port opened.
> And when transfers then run, they run as nobody.
>
> I would like the rsync daemon to connect to 873 (as root)
> then possibly do a chroot and then run always as something else
> than root (maybe nobody).
>
> Is this advisable? Is it possible?

The only time that the rsync daemon supports chrooting and changing uid/gid is each time it accepts a client connection. If you want the daemon to listen on port 873 without the master daemon process running as root, you could have the daemon listen on an unprivileged port and run a port forwarding program (such as ssh) as root to forward connections from port 873 to the daemon's port.

If you want the master process to be chrooted, you'll have to chroot before starting it.

Matt

-- 
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
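
The layout described in the reply, written out as an added example that is not part of the original message: an rsyncd.conf for a master process started without root, with the forwarder and pre-start chroot commands shown as comments. The account name `rsyncd`, port 8873, the file names and all paths are assumptions.

```ini
# rsyncd.conf for a master daemon started as an unprivileged account.
# Constructed example: account "rsyncd", port 8873 and every path are assumptions.
# rsyncd.conf only treats a line as a comment when it begins with '#',
# so comments are kept on their own lines.

# Unprivileged port: binding it does not require root.
port = 8873
# Listen on loopback only, so clients can reach the daemon
# solely through the forwarder on port 873.
address = 127.0.0.1
# Both files must be writable by the unprivileged account.
pid file = /var/run/rsyncd/rsyncd.pid
log file = /var/log/rsyncd/rsyncd.log

[gentoo]
    path = /srv/mirror/gentoo
    comment = Gentoo mirror
    read only = yes
    max connections = 50
    # chroot() needs root, so a non-root master cannot do the
    # per-connection chroot.
    use chroot = no
    # uid/gid are left out: they are applied only when the daemon was
    # started as root. Transfers run as the account that started it.

# Start the daemon as the unprivileged account:
#   rsync --daemon --config=/etc/rsyncd-mirror.conf
#
# Forwarder, run as root (ssh is the forwarder named in the reply):
#   ssh -g -N -L 873:127.0.0.1:8873 rsyncd@127.0.0.1
#
# Side effect to plan for: every connection reaches the daemon from
# 127.0.0.1, so "hosts allow" rules and client addresses in the log
# no longer identify the real client.
#
# Chrooting the master itself has to happen before it starts, as root
# (GNU coreutils chroot; the jail must contain rsync, its libraries
# and this config, and all paths above are then relative to the jail):
#   chroot --userspec=rsyncd:rsyncd /srv/mirror-jail \
#       /usr/bin/rsync --daemon --config=/etc/rsyncd-mirror.conf
```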