💾 Archived View for dfdn.info › dfdn › rsync.gmi captured on 2023-12-28 at 15:23:24. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-11-04)

-=-=-=-=-=-=-

Setting up an Rsync Daemon

First, using your preferred text editor, you’ll need to create the configuration file /etc/rsyncd.conf, if you do not have one already. Below is an example of our basic configuration parameters and explanations of each one.

pid file = /var/run/rsyncd.pid

lock file = /var/run/rsync.lock

log file = /var/log/rsync.log

port = 873

[files]

path = /home/public_rsync

comment = RSYNC FILES

read only = true

timeout = 300

pid file: The process id file the daemon uses.

lock file: The daemon lock file.

log file: The location of the log file.

port: If you do not want the rsync daemon to run on its default port (873) then you may specify a new port here. Make sure this port is open in your firewall. Rsync uses the TCP protocol for its transfers.

Personally I think it best to use standard ports for services (since it saves the user from having to specify - hence remember - the port and use a standard URL) unless there is good reason to use otherwise. For example, Apache uses the standard 80/443 pair and other things with a web interface need to use another port.

[files]: This is the module name. The name used here is what you’ll be putting in the rsync pull command as the first part of the source (/files/../..). You can name it what you’d like and can have as many as you’d like.

path: The file path for files associated with this module.

comment: Descriptive comment for this module.

read only: This tells the daemon the directory for this module is read-only. You cannot upload to it. For upload only, use upload only = true.

timeout: In seconds, the rsync daemon will wait before terminating a dead conenction.

This is just a basic configuration. For a more detailed list of options, see the manual page.

Running Rsync as a Daemon

Now with this basic configuration we can start the daemon by itself by running the below:

rsync --daemon

You can verify the daemon is running with:

ps x | grep rsync

If you have anything weird in the output, such as a statement stating unconfined, you may have SELinux blocking the daemon. You will need to work to add rsync to be accepted by SELinux in order for you to run the daemon.

.

Now that the rsync daemon is running, it’s ready to accept connections. If you are unsure how to do connect from an rsync client, review our guide on connecting with rsync.

To stop the daemon you can run a kill command.

kill `cat /var/run/rsyncd.pid`

.

Running Rsync Via Xinetd

If you are already using xinetd to manage services, you can add rsync daemon control as well. While xinetd provides greater central control over running processes, note that it doesn’t necessarily mean greater security.

First, edit the xinet.d file for rsync, if it already exists (if not, you can create it and use the example configuration below). Change the disabled line to no. You will also want to add the port line with either the default (873) or your custom port.

Note: If you are using a custom port, you will also need to edit the rsync port in the service file (/etc/services) to your custom port.

.

Using your preferred text editor, create or edit /etc/xinetd.d/rsync as below:

default: off

description: The rsync server is a good addition to an ftp server, as it \

allows crc checksumming etc.

service rsync

{

disable = no

flags = IPv6

socket_type = stream

port = 873

wait = no

user = root

server = /usr/bin/rsync

server_args = --daemon

log_on_failure += USERID

}

Now you just need to restart xinetd, and the rsync daemon should run.

/etc/init.d/xinetd restart

.

Testing the Rysnc Directories

To test your connection to the rsync daemon and find which paths are available to you, simply connect from your client to the rsync host using the following method. This method runs only part of a pull command but will reveal paths for you.

rsync -rdt rsync://IPADDR:RsyncPort/

This command will show which directories are open to you. If you do not know the file name you can repeat the process (adding onto the file path) until you find the intended file(s).

rsync -rdt rsync://IPADDR:RsyncPort/DirectoryName

And once you find the file, you can complete the command and pull it in.

rsync -rdt rsync://IPADDR:RsyncPort/DirectoryName/File /DestinationDirectory/

Adding Usernames and Passwords to the Rsync Daemon

You can make your rsync daemon more secure by adding a username and password requirement in its configuration file. Open /etc/rsyncd.conf with your preferred text editor, and enter these parameters under the module.

[files]

path = /home/public_rsync

comment = RSYNC FILES

read only = true

timeout = 300

auth users = rsync1,rsync2

secrets file = /etc/rsyncd.secrets

auth users: List of users, separated by commas. They do not necessarily need to exist on the system, but they do need to exist in the secrets file.

secrets file: File path to your secrets file containing the usernames and passwords list.

Using your preferred text editor, open or create your /etc/rsyncd.secrets file. Use the following format username:password.

rsync1:9$AZv2%5D29S740k

rsync2:Xyb#vbfUQR0og0$6

rsync3:VU&A1We5DEa8M6^8

Once you have saved this file, secure it so only the root user can read or edit it.

chmod 600 /etc/rsyncd.secrets

Note that we added an rsync3 user, which we did not specify in the auth users parameter in /etc/rsyncd.conf. You’ll see why below.

Now, when connecting to this rsync daemon, you’ll need to be sure to use the appropriate username.

If you try to connect with a user not permitted in the auth users, you will get the below error.

auth error failed on module files

rsync error starting client server protocol (code 5) at main.c (1503) [reciever=3.0.6]

For an unauthorised user.

And that’s it for the basics of an rsync daemon. You should now be able to create a basic rsync daemon and have directories specified for uploading, downloading, or both!

Remember, as the secrets file is plaintext, be sure to set permission 600 so that only root can read or edit it!