rsync as root (Was: [CentOS-mirror] New Mirror)

Wed Aug 6 10:49:28 UTC 2008
Keld Jørn Simonsen <keld at dkuug.dk>

On Wed, Jul 30, 2008 at 09:46:44AM +0800, mirror-maintainer at mirror.averse.net wrote:
> 
> Ironically, I do run rsync --daemon as root for a few reasons:
> - use chroot=true
> - listen on port 873
> - specify per-module uid, gid
> 
> Admittedly, I could manually chroot the daemon to the entire mirror 
> tree before running it as a regular user, and I could do some port 
> forwarding or iptables stuff and run rsyncd on a high port, and use a 
> common nobody-like account for all modules...
> 
> What do you guys do?

I would also like to run rsync as non-root, although I run it as root
now.

I would like to do:

start rsync standalone
connect to port 873
possibly chroot
run as nobody

Is that possible? I understand that rsync changes from root to some
non-root uid when it starts transferring, but in the mode where it
processes commands there is a window of opportunity to make it do things. 
I would then like to close that window.

best regards
keld