Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 28 Sep 2006 09:33:39 +0200
From:      Erik Norgaard <norgaard@locolomo.org>
To:        Paul Schmehl <pauls@utdallas.edu>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Sync files locally?
Message-ID:  <451B7AD3.3000107@locolomo.org>
In-Reply-To: <F60917F4E6AC408830A588A0@utd59514.utdallas.edu>
References:  <765A325E54DCF1DC39EBF9AE@utd59514.utdallas.edu>	<20060927220439.GC45831@dan.emsphone.com> <F60917F4E6AC408830A588A0@utd59514.utdallas.edu>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Paul Schmehl wrote:
> --On Wednesday, September 27, 2006 17:04:39 -0500 Dan Nelson 
> <dnelson@allantgroup.com> wrote:
>>
>> You could use rsync to do this, but It'd probably be easier to get your
>> remote rsync to drop the files in the right directory in the first place.
>>
> Hmmm...maybe I don't fully understand rsync.  The files are from a 
> webserver and owned by www:www.  The rsync runs under my account, so the 
> perms are changed to mine.  Maybe there's a switch with rsync that would 
> allow me to sync directly?
> 
> I'll poke around the man page.  Thanks.

1) rsync changes behaviour depending on whether or not you include a 
trailing / from the man-page:

        rsync -av /src/foo /dest
        rsync -av /src/foo/ /dest/foo

works the same way, (and sync locally in this example). Read the man 
page, there are lots of examples.

2) The options -t and -p preserve time and permissions respectively. 
Ownership will always change to the user running rsync unless you run as 
root. This has nothing to do with rsync, you can't run chown as an 
ordinary user.

You can preserve the group if you're in that group on the destination host.

3) The files you are syncing - should they be writeable by www? For 
security, you may really want something like this:

   -rw-r----- user:www    file

and have user do the rsync. If you really need to have www write to the 
file, set group permissions +w.

Personally, I have all my web-pages owned by me, and let apache access 
read-only. Log-files generated are owned by apache, but I don't back 
these up since they are continuously generated and rotated out. The 
config file is also only readable by apache, I don't want the risk of 
some exploit committing changes to the config file.

It might be useful to have a separate dir where apache can store files 
with write permissions and owned by apache. But this depends on the web 
apps you deploy.

IIRC to run rsync over ssh the user doing the syncing must have shell 
access, running your sync as root is not desirable, it MAY be preferred 
to have it run as www to preserve owner also, at least you can restrict 
access for www.

Cheers, Erik
-- 
Ph: +34.666334818                      web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?451B7AD3.3000107>