Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: rsync and ssh keys help
Operating Systems OS X (Apple) rsync and ssh keys help Post 302690715 by kleinboy on Thursday 23rd of August 2012 09:53:22 AM
Old 08-23-2012
rsync and ssh keys help
Not specifically a mac question, but it's what I am using.

I am setting up some replication for some file shares using rsync. The problem is that I am being given a little bit of a twist - I'm supposed to use a non-admin account to do it with.

I have 2 boxes - Master and Slave with 1 account (sharesync). I setup a pub/private key pair and am able to successfully ssh from slave to master. I can also run rsync from the slave to the master. My problem is that rsync fails, complaining that it can't change ownership/permissions on the files that it just placed on the slave. This makes sense in that it requires admin rights to be able to chown files.

Is there a way to allow the non-admin sharesync account to rsync files? Or do I just tell the guy that we will do it the old fashioned way - using a root/admin account?

This works, by running it out of an admin account, but does not work with the sharesync key pair:
Code:
sudo -u sharesync /usr/bin/rsync -ahvv --delete --log-file=/Users/Shared/$(date +%Y%m%d)rsynclog_nosudo.txt sharesync@mastershare.example.com:/Volumes/X2_Data/Shares/CasperShare/ /Volumes/Data/Shares/CasperShare/

This works with the ssh key pair, but fails when rsync tries to change ownership and set times:
Code:
/usr/bin/rsync -ahvv --delete --log-file=/Users/Shared/$(date +%Y%m%d)rsynclog_nosudo.txt sharesync@mastershare.example.com:/Volumes/X2_Data/Shares/CasperShare/ /Volumes/Data/Shares/CasperShare/
sent 127.34K bytes  received 22.65M bytes  15.19M bytes/sec
total size is 109.88G  speedup is 4823.39
rsync error: some files could not be transferred (code 23) at /SourceCache/rsync/rsync-42/rsync/main.c(1400) [generator=2.6.9]

 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

SSH Keys Help

Hello, I'm wondering if anyone has a step-by-step instruction set for setting up ssh keys? I've gone through many of the manuals online (most seem to be from the same source) and it's a little bit unclear when the documentation is talking about the server versus the client machine. I'm missing... (1 Reply)
Discussion started by: sysera
1 Replies

2. UNIX for Dummies Questions & Answers

SSH keys

Hi everyone, i wanted to generate ssh keys so that i can include the public key in the remote sever, so that for subsequent logins, i can do away with the keying in of the password. I consulted the man ssh-keygen man pages. "..Normally each user wishing to use SSH with RSA or DSA... (1 Reply)
Discussion started by: new2ss
1 Replies

3. UNIX for Dummies Questions & Answers

ssh keys monitoring

Hi, I have ssh keys (id_rsa and id_rsa.pub). However, every once in a while, someone deletes these keys. here's what i want to do : 1. on my server, it will ssh user@password into the target machine(where ssh keys are located). 2. check the date/filesize of id_rsa, id_rsa.pub). 3.... (0 Replies)
Discussion started by: tungaw2004
0 Replies

4. Shell Programming and Scripting

Sharing SSH Keys

I have 2 systems A and B I need to do a passwd less authentication inorder to send a file from system B to system A automatically(using sftp) for this i did the following I generated ssh-keygen -t dsa on system B, copied this key(id_dsa.pub) into the authorized_keys file on system A... (1 Reply)
Discussion started by: ramky79
1 Replies

5. Shell Programming and Scripting

What are public keys in ssh and how do we create the public keys??

Hi All, I am having knowledge on some basics of ssh and wanted to know what are the public keys and how can we create and implement it in connecting server. Please provide the information for the above, it would be helpful for me. Thanks, Ravindra (1 Reply)
Discussion started by: ravi3cha
1 Replies

6. Shell Programming and Scripting

How helpful are ssh keys?

Hi frnz, I work in an environment, where I need to login to multiple UNIX sessions(Always types my password when prompted for) I heard of ssh keys which provides us a valid authentication and that avoids us typing the password. Now I want to generate the ssh keys and use in my... (2 Replies)
Discussion started by: dnam9917
2 Replies

7. Solaris

help with SSH keys

Hello, I could use some help with my ssh keys and agent. This is the issue. I have 2 different UNIX systems at work. One is the normal Solaris servers with my uid being the same throughout all the servers. I now have a different system for my desktop. A contractor came in and installed some SUN... (0 Replies)
Discussion started by: bitlord
0 Replies

8. Red Hat

Configuring the SSH keys..

I am currently working on setting up a server to scp some files over for backup purposes. Server 1 - Bob (Appliance) Server 2 - Sana (RH 5) Server 1 - 1 - Generated RSA2 2 - Collected the public key to be input on the backup server = Sana Server 2 - 1 - This is were I am stuck the... (4 Replies)
Discussion started by: NelsonC
4 Replies

9. Shell Programming and Scripting

Find active SSH servers w/ ssh keys on LAN

Hi, I am trying to complete my bash script in order to find which SSH servers on LAN are still active with the ssh keys, but i am frozen at this step: #!/bin/bash # LAN SSH KEYS DISCOVERY SCRIPT </etc/passwd \ grep /bin/bash | cut -d: -f6 | sudo xargs -i -- sh -c ' && cat... (11 Replies)
Discussion started by: syrius
11 Replies

LEARN ABOUT OPENSOLARIS

rsync_selinux

rsync_selinux(8)					rsync Selinux Policy documentation					  rsync_selinux(8)

NAME

       rsync_selinux - Security Enhanced Linux Policy for the rsync daemon

DESCRIPTION

       Security-Enhanced Linux secures the rsync server via flexible mandatory access control.

FILE_CONTEXTS
       SELinux	requires  files to have an extended attribute to define the file type.	Policy governs the access daemons have to these files.	If
       you want to share files using the rsync daemon, you must label the files and directories public_content_t.  So if  you  created	a  special
       directory /var/rsync, you would need to label the directory with the chcon tool.

       chcon -t public_content_t /var/rsync

       To make this change permanent (survive a relabel), use the semanage command to add the change to file context configuration:

       semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"

       This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:

       /var/rsync(/.*)? system_u:object_r:publix_content_t:s0

       Run the restorecon command to apply the changes:

       restorecon -R -v /var/rsync/

SHARING FILES

       If  you	want  to  share  files	with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and pub-
       lic_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the  pub-
       lic_content_rw_t domain, you must set the appropriate boolean.  allow_DOMAIN_anon_write.  So for rsync you would execute:

       setsebool -P allow_rsync_anon_write=1

BOOLEANS

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO

       selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)

dwalsh@redhat.com						    17 Jan 2005 						  rsync_selinux(8)
All times are GMT -4. The time now is 12:33 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy