Linux – rsync to remote server that does not have the same users setup as local server produces permission error

Tags: freebsd, linux, rsync

I'm setting up a backup of my Linux-based webserver to a NAS running FreeBSD. I've created a backup user on the FreeBSD box and ran rsync as root on the local (web server) box using the following command:

rsync -avz /hsphere/ backup_user@192.168.1.253:/mnt/tank/web_backup/web01.webhost.net

It works fine for all directories owned by root, but when it starts backing up the directories owned by ordinary users, I get permission denied errors.

rsync: recv_generator: mkdir "/mnt/tank/web_backup/web01.webhost.net/hsphere/local/home/username/username.com" failed: Permission denied (13)

I was guessing this is because the "-a" tries to preserve the ownership of the original files, and since those users don't exist on the remote server, it was refusing it. I tried running rsync without the -o -g and -p flags thinking that would get around it, but I get the same error.

rsync -rltDz /hsphere/ backup_user@192.168.1.253:/mnt/tank/web_backup/web01.webhost.net

If I rsync using root for the remote NAS, it does succeed, but I would rather not have to use root on the NAS if I can avoid it since it creates a security hole. The "backup_user" on the FreeBSD box is in the wheel group, which should give him sufficient permissions.

Any advice on how to proceed?

Best Answer

You may want to try --fake-super. From the rsync man page:

--fake-super

When this option is enabled, rsync simulates super-user activities by saving/restoring the privileged attributes via special extended attributes that are attached to each file (as needed). This includes the file's owner and group (if it is not the default), the file's device info (device & special files are created as empty text files), and any permission bits that we won't allow to be set on the real file (e.g. the real file gets u-s,g-s,o-t for safety) or that would limit the owner's access (since the real super-user can always access/change a file, the files we create can always be accessed/changed by the creating user).

In your case, since you want to use --fake-super on the remote side, you will need to invoke it via --rsync-path, e.g.:

rsync -avz --rsync-path='rsync --fake-super' /source/ backupuser@remote:/dest/

When restoring from your backups, you will also need to ensure that --fake-super is always in force on the system where the backups are stored.
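The attribute that --fake-super writes can be decoded to see exactly what a restore without the option would lose. This is an added example, not part of the original answer or the rsync project; the attribute name and value layout are an assumption based on rsync's source, and the sample values are constructed.

```python
import stat
from typing import NamedTuple

# Assumption (not stated on the page): rsync's xattrs.c names the attribute
# "user.rsync.%stat" on Linux and "rsync.%stat" elsewhere, and formats the
# value as "<octal mode> <rdev major>,<rdev minor> <uid>:<gid>".
STAT_XATTR_NAMES = ("user.rsync.%stat", "rsync.%stat")

class FileMeta(NamedTuple):
    mode: int    # full st_mode, file type bits included
    rdev: tuple  # (major, minor); meaningful for device nodes only
    uid: int
    gid: int

def parse_recorded_stat(raw: bytes) -> FileMeta:
    """Decode one fake-super attribute value; ValueError if malformed."""
    fields = raw.rstrip(b"\0").decode("ascii").split()
    if len(fields) != 3:
        raise ValueError(f"expected 3 fields, got {len(fields)}")
    mode = int(fields[0], 8)
    major, minor = (int(n) for n in fields[1].split(","))
    uid, gid = (int(n) for n in fields[2].split(":"))
    if stat.S_IFMT(mode) == 0:
        raise ValueError("mode carries no file type bits")
    return FileMeta(mode, (major, minor), uid, gid)

def lost_on_plain_restore(on_disk: FileMeta, recorded: FileMeta) -> dict:
    """Map attribute -> (restored value, original value) for everything a
    restore without --fake-super gets wrong, because it copies the backup
    file's real metadata instead of the recorded one."""
    pairs = {
        "owner": (on_disk.uid, recorded.uid),
        "group": (on_disk.gid, recorded.gid),
        "perms": (stat.S_IMODE(on_disk.mode), stat.S_IMODE(recorded.mode)),
        "type": (stat.S_IFMT(on_disk.mode), stat.S_IFMT(recorded.mode)),
    }
    return {k: v for k, v in pairs.items() if v[0] != v[1]}

# Constructed sample: a setuid-root binary as stored by an unprivileged
# backup account (uid/gid 1002 is a made-up id for that account).
SAMPLE_ON_DISK = FileMeta(0o100755, (0, 0), 1002, 1002)
SAMPLE_XATTR = b"104755 0,0 0:0"

if __name__ == "__main__":
    recorded = parse_recorded_stat(SAMPLE_XATTR)
    for name, (got, want) in lost_on_plain_restore(SAMPLE_ON_DISK, recorded).items():
        print(f"{name}: plain restore gives {got}, original was {want}")
```

On the sample, owner, group and the setuid bit all differ, which is the metadata that silently disappears if the restore runs without --fake-super on the storage side.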