Yeah, this makes perfect sense and I should have thought of it. I already had rsyncd and apache separated, but now have the actual rsync running as a different user as well. I'm trying to ensure selinux stays on as part of this as well, but I'm running into a minor issue with the HEADER.* symlinks getting permission denieds when I test rsyncing from my server. Should hopefully be able to get that sorted out soon.
Thanks for the feedback.
Matt Ruzicka Sr. Systems Engineer mruzicka@cisp.com www.cisp.com www.yocolo.com 419.724.5345 : tel 419.867.6913 : fax
-----Original Message----- From: centos-mirror-bounces@centos.org [mailto:centos-mirror-bounces@centos.org] On Behalf Of Kevin Stange Sent: Wednesday, October 28, 2009 5:11 PM To: Mailing list for CentOS mirrors. Subject: Re: [CentOS-mirror] rsync file ownership
David Richardson wrote:
On Wed, 28 Oct 2009, Matt Ruzicka wrote:
I'm in process of putting together a public mirror and noticed the ownership on my files seem to keep swapping between uid/gid 502, 503 and I think I've seen 500 as well. The mirror howto suggests using rsync with -aqzH, which of course is going to retain the permissions of the synced files. Do others just put up with the ownership changes or are they splitting up the -a option into only some of its parts?
On mirror.chpc.utah.edu, I don't have the ownership bouncing, because I don't run the rsync as root.
I run the rsync as the user "mirror". All the files are owned by "mirror". I then have httpd run as user httpd and rsyncd as user rsync.
We do this as well on mirror.steadfast.net (though we don't run rsyncd). There's no reason you should need to run your rsyncs as the root user.
-- Kevin Stange Chief Technology Officer Steadfast Networks http://steadfast.net Phone: 312-602-2689 ext. 203 | Fax: 312-602-2688 | Cell: 312-320-5867