On Wed, Jul 30, 2008 at 09:46:44AM +0800, mirror-maintainer@mirror.averse.net wrote:
> Ironically, I do run rsync --daemon as root for a few reasons:
> - use chroot=true
> - listen on port 873
> - specify per-module uid, gid
> Admittedly, I could manually chroot the daemon to the entire mirror tree before running it as a regular user, and I could do some port forwarding or iptables stuff and run rsyncd on a high port, and use a common nobody-like account for all modules...
> What do you guys do?
I would also like to run rsync as non-root, although I run it as root now.
I would like to do:
- start rsync standalone
- connect to port 873
- possibly chroot
- run as nobody
Is that possible? I understand that rsync changes from root to some non-root uid when it starts transferring, but in the mode where it processes commands there is a window of opportunity to make it do things. I would then like to close that window.
best regards
keld
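
One way to set up the high-port arrangement mentioned in the quoted message, so that no rsync code runs as root. This is an added example, not configuration posted by anyone in the thread; port 8873, the file paths and the module name `pub` are assumptions.

```ini
# /home/mirror/rsyncd.conf  (constructed example; paths, port 8873 and the
# module name "pub" are assumptions, not values from the thread)
#
# Started by the unprivileged account itself:
#   rsync --daemon --config=/home/mirror/rsyncd.conf
#
# One-time rule, applied as root, so remote clients can keep using port 873
# (PREROUTING only affects connections arriving from other hosts):
#   iptables -t nat -A PREROUTING -p tcp --dport 873 -j REDIRECT --to-ports 8873

# Ports below 1024 need root to bind, so listen on a high port instead.
port = 8873
pid file = /home/mirror/run/rsyncd.pid
log file = /home/mirror/log/rsyncd.log

# chroot requires root privileges, so a daemon started as a regular
# user has to run with it switched off.
use chroot = false

# No uid/gid lines: a non-root daemon cannot switch users, so every module
# is served as the account that started the daemon.

[pub]
    path = /srv/mirror/pub
    comment = public mirror tree
    read only = true
    list = true
```

The trade-off is the one listed in the quoted message: this layout gives up the daemon's own chroot and per-module uid/gid in exchange for never holding root.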