On Tue, 29 Jul 2008, Olivier Thauvin wrote:

>>> Your rsync user - don't run rsync as root! And don't run it as your
>>> web/ftp service account either.
>>
>> I can understand not running rsync in daemon mode as root but what is
>> the problem with running the rsync client as root?
>
> There are many reasons:

[snip]

Thanks Olivier.

Although this question wasn't asked, I'd add a reason not to run as the web/ftp service account, which is to ensure that the web/ftp service is unable to access the content if it isn't world readable; e.g. when content is made available to mirrors before public announcements, and a permission bitflip is used to make the content available on the release date.

Ironically, I do run rsync --daemon as root for a few reasons:

- use chroot=true
- listen on port 873
- specify per-module uid, gid

Admittedly, I could manually chroot the daemon to the entire mirror tree before running it as a regular user, and I could do some port forwarding or iptables stuff and run rsyncd on a high port, and use a common nobody-like account for all modules...

What do you guys do?
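Added example (not part of the original message): a small Python check over an rsyncd.conf for the points raised in this thread, namely chroot enabled, an explicit uid/gid for every module, and no module transferring as root or as the web/ftp service account. The service account names, the "mirror" account and the sample config are constructed assumptions.

```python
SERVICE_ACCOUNTS = {"www-data", "apache", "ftp"}  # assumed names; adjust per site
FALSE_VALUES = {"no", "false", "0"}

def parse_rsyncd_conf(text):
    """Return (globals, {module: params}); whitespace and case in names are ignored."""
    globals_, modules = {}, {}
    current = globals_  # parameters before the first [module] are global defaults
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line and not line.startswith("#"):
            name, _, value = line.partition("=")
            current["".join(name.lower().split())] = value.strip()
    return globals_, modules

def audit(text, service_accounts=SERVICE_ACCOUNTS):
    """Return sorted (module, finding) pairs for the checks described above."""
    globals_, modules = parse_rsyncd_conf(text)
    findings = []
    for mod, params in modules.items():
        eff = {**globals_, **params}  # module settings override global ones
        if eff.get("usechroot", "").lower() in FALSE_VALUES:
            findings.append((mod, "chroot disabled"))
        uid = eff.get("uid")
        if uid is None or "gid" not in eff:
            findings.append((mod, "uid/gid not set explicitly"))
        elif uid in ("root", "0"):
            findings.append((mod, "transfers run as root"))
        elif uid in service_accounts:
            findings.append((mod, "uid is a web/ftp service account"))
    return sorted(findings)

SAMPLE = """\
# constructed sample, not a real mirror's config
use chroot = true
[releases]
uid = mirror
gid = mirror
[staging]
uid = www-data
gid = www-data
use chroot = no
[legacy]
path = /srv/mirror/legacy
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```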