Feature request: save-as-user - Tools

This is a discussion on Feature request: save-as-user - Tools ; Hi, Is it possible to request a new feature that will help out some of us doing many mirrors, that is each mirror has their own system uid for security puroposes, it would be of great advantage (to I'm sure ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: Feature request: save-as-user

  1. Feature request: save-as-user

    Hi,
    Is it possible to request a new feature that will help out some of us
    doing many mirrors, that is each mirror has their own system uid for
    security puroposes, it would be of great advantage (to I'm sure very
    many) to have an option to "save as user" rather than
    have the files/directories only owned by the mirror host side
    owner/group, or by root.

    maybe something like a --chown user.group


    Thanks
    --
    Please use reply-all for most replies to avoid omitting the mailing list.
    To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
    Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html


  2. Re: Feature request: save-as-user

    On Sat, Sep 13, 2008 at 07:10:53AM +1000, Quey wrote:
    > maybe something like a --chown user.group


    There is a diff in the patches directory that allows you to do this.
    If you apply patches/usermap.diff, you can use a command like this:

    rsync -av --usermap=*:someuser --groupmap=*:somegroup /src/ /dest/

    That's not nearly as succinct (due to these options having a lot more
    flexibility in affecting the users and groups than a single forced
    setting), so perhaps a built-in option alias would be a good idea for
    the simple case (one that would map --chown=someuser:somegroup to be
    the same as the above two options).

    This is one of the patches that I'm leaning towards adding to 3.1.0.

    ...wayne..
    --
    Please use reply-all for most replies to avoid omitting the mailing list.
    To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
    Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html


  3. Re: Feature request: save-as-user

    Hi Wayne,

    Fantastic, patch works a treat, thanks!
    +1 to commit to 3.1.0 release


    On 13/09/08 11:39:46, Wayne Davison wrote:
    > On Sat, Sep 13, 2008 at 07:10:53AM +1000, Quey wrote:
    > > maybe something like a --chown user.group

    >
    > There is a diff in the patches directory that allows you to do
    > this.
    > If you apply patches/usermap.diff, you can use a command like this:
    >
    > rsync -av --usermap=*:someuser --groupmap=*:somegroup /src/ /dest/
    >
    > That's not nearly as succinct (due to these options having a lot
    > more
    > flexibility in affecting the users and groups than a single forced
    > setting), so perhaps a built-in option alias would be a good idea
    > for
    > the simple case (one that would map --chown=someuser:somegroup to
    > be
    > the same as the above two options).
    >
    > This is one of the patches that I'm leaning towards adding to
    > 3.1.0.
    >
    > ..wayne..
    >

    --
    Please use reply-all for most replies to avoid omitting the mailing list.
    To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
    Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html


  4. Re: Feature request: save-as-user

    Quey (qms01@optusnet.com.au) wrote on 13 September 2008 07:10:
    >Is it possible to request a new feature that will help out some of us
    >doing many mirrors, that is each mirror has their own system uid for
    >security puroposes, it would be of great advantage (to I'm sure very
    >many) to have an option to "save as user" rather than
    >have the files/directories only owned by the mirror host side
    >owner/group, or by root.
    >
    >maybe something like a --chown user.group


    We host many mirrors and this feature is not at all necessary. Just
    run rsync with the user that owns that particular mirror. If you want
    to launch the update as root just use su.
    --
    Please use reply-all for most replies to avoid omitting the mailing list.
    To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
    Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html


  5. Re: Feature request: save-as-user

    On Sat, 2008-09-13 at 15:53 -0300, Carlos Carvalho wrote:
    > Quey (qms01@optusnet.com.au) wrote on 13 September 2008 07:10:
    > >Is it possible to request a new feature that will help out some of us
    > >doing many mirrors, that is each mirror has their own system uid for
    > >security puroposes, it would be of great advantage (to I'm sure very
    > >many) to have an option to "save as user" rather than
    > >have the files/directories only owned by the mirror host side
    > >owner/group, or by root.
    > >
    > >maybe something like a --chown user.group

    >
    > We host many mirrors and this feature is not at all necessary. Just
    > run rsync with the user that owns that particular mirror. If you want
    > to launch the update as root just use su.


    Another option would be to use an rsync daemon on the receiving side and
    specify the desired user and group owner for each module with the "uid"
    and "gid" parameters in the configuration file.

    Matt

    --
    Please use reply-all for most replies to avoid omitting the mailing list.
    To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
    Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html


  6. Re: Feature request: save-as-user

    On 14/09/08 04:53:55, Carlos Carvalho wrote:
    > Quey (qms01@optusnet.com.au) wrote on 13 September 2008 07:10:
    > >Is it possible to request a new feature that will help out some

    > of
    > us
    > >doing many mirrors, that is each mirror has their own system uid

    > for
    > >security puroposes, it would be of great advantage (to I'm sure

    > very
    > >many) to have an option to "save as user" rather

    > than
    >
    > >have the files/directories only owned by the mirror host side
    > >owner/group, or by root.
    > >
    > >maybe something like a --chown user.group

    >
    > We host many mirrors and this feature is not at all necessary. Just
    > run rsync with the user that owns that particular mirror. If you
    > want
    > to launch the update as root just use su.


    We feel it is for security reasons.
    A number of these mirrors are also WWW mirrors with all sorts of php
    and cgi crud, we have some mirrors that actually have the same remote
    server uid, therefor they both have the same uid on our system, and
    if one was attacked and exploited then I dont want to have anyone
    have to explain why another mirror was also taken, script kiddies can
    be very bored sometimes and as you know once acces sis gained as user
    X, then you can do whatever as user X, and I rather be safer than
    sorry, the patch Wayne has pointed me to means we no longer have to
    run dozens of recursive chowns in the crons adding to the high I/O
    already on those machines.


    > --
    > Please use reply-all for most replies to avoid omitting the mailing
    > list.
    > To unsubscribe or change options:
    > https://lists.samba.org/mailman/listinfo/rsync
    > Before posting, read:
    > http://www.catb.org/~esr/faqs/smart-questions.html
    >

    --
    Please use reply-all for most replies to avoid omitting the mailing list.
    To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
    Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html


+ Reply to Thread