This is a discussion on Multiple initiators, single sync user within the Rsync forums, part of the Networking and Network Related category.
I am at my limits on this one, so I welcome any and all suggestions.

My group has a working data tree that needs to be sync'd to another site. woot rsync. The data needs to be read-only, owned by a single user on the other end. Right now I have a source account "rsyncA" at siteA and a destination account "rsyncB" at siteB. The rsyncA user is placed in the .rhosts of rsyncB and rsync -rsh=rsh is happy running as rsyncA.

Now, however, I need to allow other users access to initiate this transfer and I'm running into authentication problems. My first stab was a setuid C wrapper with the setuid bit set. If I watch the rsync process it is being run as rsyncA, but rsh is still run as the original uid (preventing the remote rsync server from starting). Probably something to do with the privileged ports maybe? I dunno.

My next thought was to try using SSH as the remote shell agent but I'm running into similar issues - and even then the public keys are all tied to specific machine/user combos instead of just users. Maintaining a .rhosts file at the remote end is out of the question - I don't want to grant general login access, just access to the rsync script. Is there any solution for this?

Thanks, Eric
In case anyone else is curious I will post my workaround using rexec -

- Create C wrapper that does a setuid:

```c
#include <stdlib.h>
#include <unistd.h>

#define PROGNAME "/usr/bin/rsync"
#define USER "USER=USER"            /* the sync user */
#define HOME "HOME=USER/HOME/PATH"  /* that user's home, where .netrc lives */
#define IFS "IFS= \t\n"

int main(int argc, char *argv[])
{
    putenv(USER);
    putenv(IFS);
    putenv(HOME);
    if (setuid(geteuid()) != 0)  /* make the real uid match the setuid owner */
        return 1;
    execv(PROGNAME, argv);       /* only returns if the exec failed */
    return 1;
}
```

- chmod 4711 the wrapper
- use --rsh=rexec on rsync cmd line
- put machine/user/pass in HOME/.netrc (chmod 600)

When rexec is run by rsync it is setuid (rsh is setuid root so this does not work). It reads the read-only .netrc in the HOME path and sends the password through rexec. The obvious security hole here (besides any setuid gotchas) is that the password is sent cleartext via rexec. Oh well.. good enough for me!

Eric