From owner-freebsd-questions@FreeBSD.ORG Thu Sep 28 07:33:49 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 226AB16A403 for ; Thu, 28 Sep 2006 07:33:49 +0000 (UTC) (envelope-from norgaard@locolomo.org) Received: from strange.daemonsecurity.com (59.Red-81-33-11.staticIP.rima-tde.net [81.33.11.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9165343D60 for ; Thu, 28 Sep 2006 07:33:48 +0000 (GMT) (envelope-from norgaard@locolomo.org) Received: from [192.168.7.193] (68.Red-80-34-55.staticIP.rima-tde.net [80.34.55.68]) by strange.daemonsecurity.com (Postfix) with ESMTP id 09C5F2E024; Thu, 28 Sep 2006 09:33:45 +0200 (CEST) Message-ID: <451B7AD3.3000107@locolomo.org> Date: Thu, 28 Sep 2006 09:33:39 +0200 From: Erik Norgaard User-Agent: Thunderbird 1.5.0.7 (Windows/20060909) MIME-Version: 1.0 To: Paul Schmehl References: <765A325E54DCF1DC39EBF9AE@utd59514.utdallas.edu> <20060927220439.GC45831@dan.emsphone.com> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Sync files locally? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2006 07:33:49 -0000 Paul Schmehl wrote: > --On Wednesday, September 27, 2006 17:04:39 -0500 Dan Nelson > wrote: >> >> You could use rsync to do this, but It'd probably be easier to get your >> remote rsync to drop the files in the right directory in the first place. >> > Hmmm...maybe I don't fully understand rsync. The files are from a > webserver and owned by www:www. The rsync runs under my account, so the > perms are changed to mine. Maybe there's a switch with rsync that would > allow me to sync directly? > > I'll poke around the man page. Thanks. 1) rsync changes behaviour depending on whether or not you include a trailing / from the man-page: rsync -av /src/foo /dest rsync -av /src/foo/ /dest/foo works the same way, (and sync locally in this example). Read the man page, there are lots of examples. 2) The options -t and -p preserve time and permissions respectively. Ownership will always change to the user running rsync unless you run as root. This has nothing to do with rsync, you can't run chown as an ordinary user. You can preserve the group if you're in that group on the destination host. 3) The files you are syncing - should they be writeable by www? For security, you may really want something like this: -rw-r----- user:www file and have user do the rsync. If you really need to have www write to the file, set group permissions +w. Personally, I have all my web-pages owned by me, and let apache access read-only. Log-files generated are owned by apache, but I don't back these up since they are continuously generated and rotated out. The config file is also only readable by apache, I don't want the risk of some exploit committing changes to the config file. It might be useful to have a separate dir where apache can store files with write permissions and owned by apache. But this depends on the web apps you deploy. IIRC to run rsync over ssh the user doing the syncing must have shell access, running your sync as root is not desirable, it MAY be preferred to have it run as www to preserve owner also, at least you can restrict access for www. Cheers, Erik -- Ph: +34.666334818 web: http://www.locolomo.org X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9