[Bug 11013] New: [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug 11013] New: [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage

samba-bugs
https://bugzilla.samba.org/show_bug.cgi?id=11013

            Bug ID: 11013
           Summary: [patch] Mention that privileges are dropped, when "use
                    chroot" is enabled in rsyncd.conf manpage
           Product: rsync
           Version: 3.1.1
          Hardware: All
                OS: All
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: core
          Assignee: [hidden email]
          Reporter: [hidden email]
        QA Contact: [hidden email]

Created attachment 10544
  --> https://bugzilla.samba.org/attachment.cgi?id=10544&action=edit
Proposed patch for rsyncd.conf.yo

The manpage of rsyncd.conf says when "use chroot" is enabled this is "as though
--numeric-ids had been specified".

When rsyncing a file from host A to host B using:
rsync -av sometestfile rsync://some_test_user@hostB/backup/

the uid and the gid of the source file on host A are not set accordingly on
host B. Even not if --numeric-ids is specified explicitly, on both server and
client side.

Relevant part of the server config:

use chroot = yes

[backup]
list = yes
path = /zdata/backup/
comment = Some comment
read only = no
auth users = some_test_user
secrets file = /usr/local/etc/rsync/rsyncd.secrets
numeric ids = yes

I fixed that by adding "uid = root" to rsyncd.conf.

The manpage does not mention that behavior at all.

--
You are receiving this mail because:
You are the QA Contact for the bug.
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Reply | Threaded
Open this post in threaded view
|

Re: [Bug 11013] New: [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage

Kevin Korb
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Only root can chown.  If rsync isn't running as root then it ignores
the --owner part of --archive.  This also makes --numeric-ids inert.

Simply put, if you aren't running as root then you can only create
files owned by your UID.  Rsync knows this.  Rsync assumes that if you
aren't root you didn't intend the --owner (or --group) part of
- --archive and it ignores those features.

On 12/16/2014 09:41 PM, [hidden email] wrote:

> https://bugzilla.samba.org/show_bug.cgi?id=11013
>
> Bug ID: 11013 Summary: [patch] Mention that privileges are dropped,
> when "use chroot" is enabled in rsyncd.conf manpage Product: rsync
> Version: 3.1.1 Hardware: All OS: All Status: NEW Severity: trivial
> Priority: P5 Component: core Assignee: [hidden email] Reporter:
> [hidden email] QA Contact: [hidden email]
>
> Created attachment 10544 -->
> https://bugzilla.samba.org/attachment.cgi?id=10544&action=edit 
> Proposed patch for rsyncd.conf.yo
>
> The manpage of rsyncd.conf says when "use chroot" is enabled this
> is "as though --numeric-ids had been specified".
>
> When rsyncing a file from host A to host B using: rsync -av
> sometestfile rsync://some_test_user@hostB/backup/
>
> the uid and the gid of the source file on host A are not set
> accordingly on host B. Even not if --numeric-ids is specified
> explicitly, on both server and client side.
>
> Relevant part of the server config:
>
> use chroot = yes
>
> [backup] list = yes path = /zdata/backup/ comment = Some comment
> read only = no auth users = some_test_user secrets file =
> /usr/local/etc/rsync/rsyncd.secrets numeric ids = yes
>
> I fixed that by adding "uid = root" to rsyncd.conf.
>
> The manpage does not mention that behavior at all.
>

- --
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
        Kevin Korb Phone:    (407) 252-6853
        Systems Administrator Internet:
        FutureQuest, Inc. [hidden email]  (work)
        Orlando, Florida [hidden email] (personal)
        Web page: http://www.sanitarium.net/
        PGP public key available on web site.
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlSQ7jsACgkQVKC1jlbQAQdldACfROGAvzkt8+nKufR5SGpjhywj
wMwAn0c20owgq3dsMs9qYe3J0qpQWRok
=1D2O
-----END PGP SIGNATURE-----
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Reply | Threaded
Open this post in threaded view
|

Re: [Bug 11013] New: [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage

Karl O. Pinc
On 12/16/2014 08:45:15 PM, Kevin Korb wrote:
> Only root can chown.  If rsync isn't running as root then it ignores
> the --owner part of --archive.  This also makes --numeric-ids inert.
>
> Simply put, if you aren't running as root then you can only create
> files owned by your UID.  Rsync knows this.  Rsync assumes that if
> you
> aren't root you didn't intend the --owner (or --group) part of
> --archive and it ignores those features.

Rsync has enough options that it seems it can be smarter than
it's users.  It could be worth adding a --stupid
option to tell rsync to be stupid and complain instead of doing
smart things.  This would help people diagnose just what
rsync is doing.

I'm sure this is a lot more work than it sounds.  There might
be better ways of reporting what's happening
than by complaining. A displayed table of which options are on/off
or have what value comes to mind.  (Too bad that
--stupid would not be the right option name for this.  :-)

Just a thought.



Karl <[hidden email]>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Reply | Threaded
Open this post in threaded view
|

[Bug 11013] [patch] Mention that privileges are dropped, when "use chroot" is enabled in rsyncd.conf manpage

samba-bugs
In reply to this post by samba-bugs
https://bugzilla.samba.org/show_bug.cgi?id=11013

Wayne Davison <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Wayne Davison <[hidden email]> ---
I've improved the "use chroot" & "numeric ids" sections to make this a little
clearer.

--
You are receiving this mail because:
You are the QA Contact for the bug.

--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html