Re: Fwd: Re: need help with an rsync patch

Fri, 16 Aug 2013 21:08:53 -0700 

On Thursday 15 August 2013 01:25 AM, Kevin Korb wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It works if you use --fake-super on the side that isn't super.  That
is the only side that needs it:

asylum# id kmk
uid=12313(kmk) gid=100(users)
groups=100(users),10(wheel),16(cron),35(games)
asylum# ls -l ~kmk/testfile
- -rw-r----- 1 kmk users 0 Aug 14 15:47 /home/kmk/testfile
asylum# ssh backups@psychosis id
uid=12317(backups) gid=12317(backups) groups=12317(backups)
asylum# rsync -vai --rsync-path="/usr/bin/rsync --fake-super"
~kmk/testfile backups@psychosis:
sending incremental file list
<f+++++++++ testfile

sent 84 bytes  received 31 bytes  230.00 bytes/sec
total size is 0  speedup is 0.00
asylum# ssh backups@psychosis ls -l testfile
- -rw-r----- 1 backups backups 0 Aug 14 15:47 testfile
asylum# ssh backups@psychosis getfattr testfile
# file: testfile
user.rsync.%stat

asylum# ssh backups@psychosis getfattr -n user.rsync.%stat testfile
# file: testfile
user.rsync.%stat="100640 0,0 12313:100"

asylum# rsync -vai --rsync-path="/usr/bin/rsync --fake-super"
backups@psychosis:testfile /tmp/
receiving incremental file list

f+++++++++ testfile

sent 30 bytes  received 89 bytes  238.00 bytes/sec
total size is 0  speedup is 0.00
asylum# ls -l /tmp/testfile
- -rw-r----- 1 kmk users 0 Aug 14 15:47 /tmp/testfile


The file gets stored in the backup as the backups user but with a tag
saying it is really supposed to be owned by kmk.  When I restore it it
comes back owned by user kmk.

On 08/14/13 15:20, Sherin A wrote:






On Wednesday 14 August 2013 11:04 PM, Kevin Korb wrote: The point
of --fake-super is that when you restore the file with --fake-super
it will restore with the original ownership.  Of course that means
that the restore has to be run with super privs on the target and
--fake-super on the source.


This doesn't work on remote stores . It doesn't restore the
ownerships.





On Wednesday 14 August 2013 11:04 PM, Kevin Korb wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

The point of --fake-super is that when you restore the file with
--fake-super it will restore with the original ownership.  Of
course that means that the restore has to be run with super privs
on the target and --fake-super on the source.

On 08/14/13 13:30, Sherin A wrote:

On Wednesday 14 August 2013 10:25 PM, Kevin Korb wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

As has been pointed out to you your problem is not hard
links. Your problem is the indiscriminate use of a root
operation (a chown) during the restoration process.

You should be solving this by either: A) backing up and
restoring the original owner of the files (directly or via
--fake-super)

This won't work ,

root@source [~]# id dom2inho uid=507(dom2inho)
gid=508(dom2inho) groups=508(dom2inho) root@source[~]# rsync
-avp -e 'ssh ' --fake-super /home/dom2inho
backup@10.0.0.10:/home/backup/ In storage server , [root@dest
dom2inho]# id backup uid=505(backup) gid=506(backup)
groups=506(backup) [root@dest dom2inho]# pwd
/home/backup/dom2inho [root@dest dom2inho]# ll -d
/home/backup/dom2inho/shadow --w------- 1 backup backup 1344
Aug 13 12:52 /home/backup/dom2inho/shadow   => not preserving
uids or gids [root@da dom2inho]#

If I am doing something wrong please let  me know.



B) backing up each user's files and only their files.

I don't see an option in the rsync man to copy only  each
users files , can  you please point me to  that option


Thanking you for your valuable time and help .
- -- ~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~ 
        Kevin Korb                      Phone:    (407) 252-6853
        Systems Administrator           Internet:
        FutureQuest, Inc.               ke...@futurequest.net  (work)
        Orlando, Florida                k...@sanitarium.net (personal)
        Web page:                       http://www.sanitarium.net/
        PGP public key available on web site.
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlIL4McACgkQVKC1jlbQAQdm9ACfU8rcoocAWBjOP/ppz19P5fwj
VUMAoO1ac+tMqzdJ1+R3G0AjuDdbQi5j
=5RU9
-----END PGP SIGNATURE-----
So, It need to be a pull type rsync with unprivileged user ?. It was not a permanent solution always. May be it is the time to present this POC to other forums. There will be a big issue with hundreds of servers and applications that use rsync and can be exploited using the POS. 

--
--------------------------------------
Regards
Sherin A
http://www.sherin.co.in/

--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

Reply via email to