
rsync server setup on RHEL

Thank you for visiting this page. This page has been updated at another link: Rsync server setup on RHEL


       rsync -- a fast, versatile, remote (and local) file-copying tool

       The rsyncd.conf file is the runtime configuration file for rsync when run as an rsync daemon.

       The rsyncd.conf file controls authentication, access, logging and available modules.

By default, rsyncd listens on port 873 for incoming connections from other computers using rsync. Note: this is not recommended for transferring files across unsecured networks, such as the Internet, because the actual data transfer is not encrypted. Use this to keep information synchronized between different computers in internal networks, as well as to perform backups.

There are basically two different approaches to running rsync as a daemon: one is to launch the program with the --daemon parameter, and the other is to have inetd or xinetd launch rsync and run it like the other services that inetd and xinetd handle.
In either case, we must configure the file /etc/rsyncd.conf. We start with a simple one, with minimal module parameters.

# cat /etc/rsyncd.conf
log file = /var/log/rsync.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
[backup]
        path = /home/backups
        comment = backup files
        read only = yes
        hosts allow = 192.168.1.1, 192.168.1.2
        hosts deny = *
        list = true

To test it:

On server

# rsync --daemon
#  netstat -putan | grep 873
tcp        0      0 0.0.0.0:873                 0.0.0.0:*                   LISTEN      28661/xinetd

You can also check /var/log/rsync.log; you should see a message like the one below:
rsyncd version 3.0.6 starting, listening on port 873       


On client

#rsync testrsyncserver::
backup        backup files

To stop the rsync server
#killall rsync

The other way is to use xinetd. The Extended Internet Services Daemon is a TCP-wrapped super service which controls access to a subset of popular network services, including FTP, IMAP, and Telnet, and, of course, rsync.
There is not much you need to change from the default:

# cat /etc/xinetd.d/rsync
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
#    allows crc checksumming etc.
service rsync
{
    disable    = yes
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/bin/rsync
    server_args     = --daemon
    log_on_failure  += USERID
}

There are two different ways to enable rsync under xinetd: one is to set disable = no in /etc/xinetd.d/rsync and then restart or reload xinetd; the other is to run
#chkconfig rsync on
Both work, but remember that the second way only reloads xinetd, so if xinetd is stopped, you have to start the xinetd service explicitly.

Note: xinetd uses TCP wrappers, so you may find that rsync --daemon works but rsync via xinetd does not. The reason is the sequence of events that xinetd follows when a client requests a connection:

First: The xinetd daemon accesses the TCP Wrappers hosts access rules using a libwrap.a library call (files /etc/hosts.allow and /etc/hosts.deny). If a deny rule matches the client, the connection is dropped. If an allow rule matches the client, the connection is passed to xinetd.

Then: The xinetd daemon checks its own access control rules both for the xinetd service and the requested service. If a deny rule matches the client, the connection is dropped. Otherwise, xinetd starts an instance of the requested service and passes control of the connection to that service.

Add a rule like the one below to /etc/hosts.allow:
rsync            : 192.168.1.0/255.255.255.0

Furthermore, unlike inetd, xinetd doesn't need an entry in /etc/services; it can handle the port and protocol by itself. If rsync is defined in /etc/services, the port and protocol lines can be omitted. So, if you want to specify the rsync port, changing /etc/xinetd.d/rsync is enough:
    port            = 873
    protocol        = tcp

In a production environment, you'd want to set this up securely. Here is more detail.

At the beginning, we showed /etc/rsyncd.conf. There are basically two sections in the file: the global parameters and the modules section. The global parameters define the overall behavior of rsync:

  • lock file is the file that rsync uses to handle the maximum number of connections
  • log file is where rsync will save any information about its activity: when it started running, when and from where other computers connect, and any errors it encounters.
  • pid file is where the rsync daemon will write the process id that has been assigned to it. This is useful because we can use this process id to stop the daemon.

After the global parameters comes the modules section. Every module is a folder that we share with rsync. The important parts here are:

  • [name] is the name that we assign to the module. Each module exports a directory tree. The module name can not contain slashes or a closing square bracket.
  • path is the path of the folder that we are making available with rsync
  • comment is a comment that appears next to the module name when a client obtains the list of all available modules
  • uid specifies, when the rsync daemon is run as root, which user owns the files that are transferred from and to the module.
  • gid sets the group that owns the files that are transferred, if the daemon is run as root
  • read only determines whether the clients that connect to rsync can upload files or not. The default of this parameter is true for all modules.
  • list allows the module to be listed when clients ask for a list of available modules. Setting this to false hides the module from the listing.
  • auth users is a list of users allowed to access the content of this module. The users are separated by commas. The users don't need to exist in the system; they are defined by the secrets file.
  • secrets file defines the file that contains the usernames and passwords of the valid users for rsync
  • hosts allow are the addresses allowed to connect to the system. Without this parameter all hosts are allowed to connect.

[backup]
    path = /home/backups
    comment = backup files
    uid = root
    gid = root
    read only = no
    list = true
    auth users = rsyncclient,backup
    secrets file = /etc/rsyncd.secrets
    hosts allow = 192.168.1.1,192.168.1.2


Here is what the secrets file looks like. Remember to change the permissions of this file so it can't be read or modified by other users; rsync will fail if the permissions of this file are not appropriately set:

#chmod 600 /etc/rsyncd.secrets
#cat /etc/rsyncd.secrets

rsyncclient:passWord
backup:Password
user001:password
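
The module parameters and the secrets file permission described above can be checked mechanically before the daemon is started. The audit below is an added example, not part of the original page or of rsync itself. The names parse_rsyncd_conf and audit, the finding texts, and the policy of flagging any permission bit beyond the page's chmod 600 are assumptions of this example; SAMPLE is constructed from the page's authenticated [backup] module.

```python
import os

def parse_rsyncd_conf(text):
    """Return (globals, {module: params}); names normalised as rsyncd does."""
    glob, modules, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            key = "".join(key.lower().split())  # case and spaces ignored
            (glob if current is None else current)[key] = value.strip()
    return glob, modules

def audit(text, mode_of=lambda p: os.stat(p).st_mode & 0o777):
    """Return sorted (module, finding) pairs; mode_of is injectable for tests."""
    glob, modules = parse_rsyncd_conf(text)
    findings = []
    for name, params in modules.items():
        get = lambda k, d="": params.get(k, glob.get(k, d))  # globals = defaults
        if not get("hostsallow"):
            findings.append((name, "no hosts allow: every host may connect"))
        if not get("authusers"):
            findings.append((name, "no auth users: anonymous access"))
        elif not get("secretsfile"):
            findings.append((name, "auth users set but no secrets file"))
        else:
            try:  # assumed policy: nothing beyond the page's chmod 600
                if mode_of(get("secretsfile")) & 0o077:
                    findings.append((name, "secrets file open to group/other"))
            except OSError:
                findings.append((name, "secrets file missing or unreadable"))
        writable = get("readonly", "yes").lower() not in ("yes", "true", "1")
        if writable and get("uid").lower() in ("root", "0"):
            findings.append((name, "writable module running as uid root"))
    return sorted(findings)

# Constructed sample: the page's authenticated [backup] module.
SAMPLE = """[backup]
    uid = root
    read only = no
    auth users = rsyncclient,backup
    secrets file = /etc/rsyncd.secrets
    hosts allow = 192.168.1.1,192.168.1.2
"""
if __name__ == "__main__":
    for module, finding in audit(SAMPLE, mode_of=lambda p: 0o644):
        print(f"[{module}] {finding}")
```

On a real server, call audit(open("/etc/rsyncd.conf").read()) as root so the default mode_of can stat the secrets file.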


