rsync as root (Was: [CentOS-mirror] New Mirror)
Keld Jørn Simonsen
keld at dkuug.dk
Wed Aug 6 10:49:28 UTC 2008
On Wed, Jul 30, 2008 at 09:46:44AM +0800, mirror-maintainer at mirror.averse.net wrote:
>
> Ironically, I do run rsync --daemon as root for a few reasons:
> - use chroot=true
> - listen on port 873
> - specify per-module uid, gid
>
> Admittedly, I could manually chroot the daemon to the entire mirror
> tree before running it as a regular user, and I could do some port
> forwarding or iptables stuff and run rsyncd on a high port, and use a
> common nobody-like account for all modules...
>
> What do you guys do?

I would also like to run rsync as non-root, although I run it as root
now.

I would like to do:

   start rsync standalone
   connect to port 873
   possibly chroot
   run as nobody

Is that possible? I understand that rsync changes from root to some
non-root uid when it starts transferring, but in the mode where it
processes commands there is a window of opportunity to make it do things.
I would then like to close that window.

best regards
keld
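
Added example, not part of the original message or of rsync itself: a small Python check that reads an rsyncd.conf and lists which settings only work when the daemon is started as root, matching the three reasons quoted above (chroot, port 873, per-module uid/gid). The sample config, module names and paths are constructed, and treating chroot as enabled when the option is absent is an assumption to confirm against your rsync version.

```python
# Constructed sample rsyncd.conf (module names and paths are made up).
SAMPLE_CONF = """\
port = 873
use chroot = yes

[centos]
    path = /srv/mirror/centos
    uid = mirror
    gid = mirror

[scratch]
    path = /srv/mirror/scratch
    use chroot = no
"""

TRUTHY = {"yes", "true", "1"}

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}).
    Parameter names are lowercased with whitespace removed, so
    'use chroot' and 'usechroot' compare equal."""
    global_params, modules = {}, {}
    current = global_params
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            name, value = line.split("=", 1)
            current["".join(name.split()).lower()] = value.strip()
    return global_params, modules

def root_dependencies(text):
    """List the settings that only work if the daemon starts as root."""
    global_params, modules = parse_rsyncd_conf(text)
    deps = []
    port = int(global_params.get("port", 873))  # 873 is the rsync daemon port
    if port < 1024:
        deps.append(f"global: bind to privileged port {port}")
    for name, params in modules.items():
        eff = {**global_params, **params}  # module values override globals
        # Assumption: chroot is treated as enabled when the option is absent.
        if eff.get("usechroot", "yes").lower() in TRUTHY:
            deps.append(f"{name}: chroot to {eff.get('path', '?')}")
        for key in ("uid", "gid"):
            if key in eff:
                deps.append(f"{name}: switch {key} to {eff[key]}")
    return deps

if __name__ == "__main__":
    print("\n".join(root_dependencies(SAMPLE_CONF)))
```

An empty result means nothing in the file depends on root at startup, so the daemon could be launched directly under an unprivileged account.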