rsync ssh Userrights



maccinx
28-Jun-2012, 19:38
Hi there,

I have two SLES servers and want to sync my website from sourcemachine, /srv/www/htdocs/mySite/, to the same directory /srv/www/htdocs/mySite/ on the other machine, targetmachine.
On sourcemachine all files have the user wwwrun and the group www. After syncing with rsync, the rights on targetmachine changed to sshUser:www.
Here is my rsync command:
rsync -avze ssh /srv/www/htdocs/mySite/ sshUser@targetmachine:/srv/www/htdocs/mySite/.
I thought with -a the rights are transferred too.

Can't find what I'm missing.

Any ideas?

maccinx:cool:

Jim Henderson
28-Jun-2012, 23:05
On Thu, 28 Jun 2012 18:44:01 +0000, maccinx wrote:

> On the Sourcemachine all Files have the User wwwrun Group www. After
> sync with rsync the Rights on the Targetmachine changed to sshUser:www.

Does the user wwwrun exist on the target machine?

If it does, does it have the same UID?

Jim
--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell Knowledge Partner

maccinx
29-Jun-2012, 10:02
Yes, user wwwrun (UID 30) is a system user on both machines. I even thought about giving wwwrun a password and using this user to connect via ssh wwwrun@targetmachine. But I think this is not a clever idea.

enovaklbank
29-Jun-2012, 16:08
-o, --owner
This option causes rsync to set the owner of the destination file to be the same as the source file, but only if the receiving rsync is being run as the super-user (see also the --super and --fake-super options). Without this option, the owner of new and/or transferred files are set to the invoking user on the receiving side.

jmozdzen
02-Jul-2012, 12:50
Hi maccinx,

as has been pointed out by enovaklbank, the problem is that an ordinary user may not change file ownership. As you connect to the target server as "sshUser", that's the context you get and the reason why only scp within the root user context can effectively use "--owner".

But rather than setting a password for wwwrun or even connecting as root, here's another way to skin that cat: If it's not necessary to trigger the transfer from sourcemachine, why not run the scp copy from targetmachine ("pull" instead of "push"), from the user wwwrun? As the files on sourcemachine are probably world-readable anyhow, you can use a low-privilege user on that machine to *read* the files, and as you're running in a wwwrun context on targetmachine, you'll be able to *write* the files with the proper ownership.

> I even thought about giving wwwrun a password and using this user to connect via ssh wwwrun@targetmachine. But I think this is not a clever idea.

You should use at least public key authentication, rather than setting (and using) passwords. Especially in automated environments, that's much easier to handle...

Regards,
Jens
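
The pull approach described in the post above, as an added example that is not part of the original thread: run on targetmachine as wwwrun, it pulls the site with the flags of the original command and then lists any path whose owner is not wwwrun. The reader account syncreader, the key path and the --run switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: syncreader, $KEY, --run.
SITE=/srv/www/htdocs/mySite/
SRC_LOGIN=syncreader@sourcemachine   # hypothetical low-privilege, read-only account
KEY=/var/lib/wwwrun/.ssh/id_sync     # hypothetical private key readable only by wwwrun
# On sourcemachine the matching public key can be limited further with
# authorized_keys options (for example "restrict" plus a forced command).

# Print every path under directory $1 whose owner is not user $2 (name or UID).
# No output means no ownership drift.
owner_drift() {
    find "$1" ! -user "$2" -print
}

# Pull the site from sourcemachine. A non-root receiver cannot chown, so new
# files are owned by the invoking user; invoked as wwwrun that is the desired
# owner, and neither root login nor a wwwrun password is needed.
pull_site() {
    if [ "$(id -un)" != wwwrun ]; then
        echo "pull_site: must be run as wwwrun on targetmachine" >&2
        return 1
    fi
    rsync -avz -e "ssh -i $KEY -o BatchMode=yes" "$SRC_LOGIN:$SITE" "$SITE" || return 1
    drift=$(owner_drift "$SITE" wwwrun)
    if [ -n "$drift" ]; then
        echo "paths not owned by wwwrun:" >&2
        echo "$drift" >&2
        return 2
    fi
}

# Only act when explicitly asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
    pull_site
fi
```

Paths reported by owner_drift are usually left over from earlier push-mode runs as sshUser and need a one-time chown by root before wwwrun can update them.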

maccinx
02-Jul-2012, 13:51
Ah, I see, running a pull on the targetmachine as wwwrun may solve my problem. I'll give it a try.
And of course I use public key authentication ;-)