On Sat, Aug 30, 2008 at 07:51:10PM +0200, Keld Jørn Simonsen wrote:
> On Sat, Aug 30, 2008 at 12:58:10PM -0400, Matt McCutchen wrote:
> > On Sat, 2008-08-30 at 18:23 +0200, Keld Jørn Simonsen wrote:
> > > I run a mirror service where for gentoo I run rsync as a daemon.
> > > Currently the daemon runs root to get the 873 port opened.
> > > And when transfers then run, they run as nobody.
> > >
> > > I would like the rsync daemon to connect to 873 (as root)
> > > then possibly do a chroot and then run always as something else
> > > than root (maybe nobody).
> > >
> > > Is this advisable? Is it possible?
> >
> > The only time that the rsync daemon supports chrooting and changing
> > uid/gid is each time it accepts a client connection. If you want the
> > daemon to listen on port 873 without the master daemon process running
> > as root, you could have the daemon listen on an unprivileged port and
> > run a port forwarding program (such as ssh) as root to forward
> > connections from port 873 to the daemon's port. If you want the master
> > process to be chrooted, you'll have to chroot before starting it.
>
> Yes, this is also what I understand is possible now.
>
> Could a feature be added to rsync in daemon mode, where it shifts to a
> specific userid, after connecting to port 873 and possibly doing a
> chroot?

Is there something to this?
Would this be added if a patch had been made?

Best regards
keld
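
The unprivileged-port arrangement described in the quoted reply, sketched as an rsyncd.conf. This is an added example, not part of the original messages or of the rsync project's own files; port 8873, the paths and the module name are assumptions.

```ini
# rsyncd.conf for a master process started as an unprivileged user.
# Constructed example: port 8873, all paths and the module name are assumptions.
# Comments sit on their own lines because rsyncd.conf only treats a line
# that begins with '#' as a comment.

# Any port above 1023 can be bound without root.
port = 8873

# Listen on loopback only, so clients reach the daemon solely through the
# root-owned forwarder that accepts connections on port 873.
address = 127.0.0.1

# A non-root daemon must be able to write its pid and log files.
pid file = /home/mirror/run/rsyncd.pid
log file = /home/mirror/log/rsyncd.log

[gentoo-portage]
    path = /srv/mirror/gentoo-portage
    comment = Gentoo mirror (assumed module)
    read only = yes
    max connections = 20

    # chroot() requires root, so a daemon started without root cannot chroot
    # per connection. To confine it anyway, chroot before starting it.
    use chroot = no

    # uid and gid are omitted on purpose: they only take effect when the
    # daemon runs as root. Transfers run as the user that started the daemon.
```

With a forwarder in front, every connection reaches the daemon from the forwarder's address, so `hosts allow`/`hosts deny` rules and the client addresses in the log no longer reflect the real peer. Filter and log by source address at the forwarder instead.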