Results 1 to 4 of 4

Thread: rsync and permissions question

Hybrid View

  1. #1
    Join Date
    Nov 2007
    Posts
    93
    Rep Power
    8

    Default rsync and permissions question

    I am trying to rsync the /opt/zimbra directory to another remote server. I have added my rsync user to the zimbra group, which works pretty well. However, I get access denied on many files and it looks like those files are no access at the group level.

    Since I can't/won't allow root to SSH from outside, I think my only options are:

    1. to change the permissions to "read" at the zimbra group level for the entire zimbra directory or

    2. Have the zimbra user do the rsync

    On the first, I'm not sure what effect that will have on my live production server

    On the second, I don't know the Zimbra user password and would not want to go assigning one.

    Does anyone have any advice?

  2. #2
    Join Date
    Mar 2013
    Posts
    3
    Rep Power
    2

    Default

    Quote Originally Posted by rusty View Post
    I am trying to rsync the /opt/zimbra directory to another remote server. I have added my rsync user to the zimbra group, which works pretty well. However, I get access denied on many files and it looks like those files are no access at the group level.

    Since I can't/won't allow root to SSH from outside, I think my only options are:

    1. to change the permissions to "read" at the zimbra group level for the entire zimbra directory or

    2. Have the zimbra user do the rsync

    On the first, I'm not sure what effect that will have on my live production server

    On the second, I don't know the Zimbra user password and would not want to go assigning one.

    Does anyone have any advice?

    I run zimbra bacup script through a cronjob with out any issues... The only issue (with the script im using) is open files but it stops the services breifly for that

    it dumps erveything to a local mount first and then does a separate rsync once done to the remote server

  3. #3
    Join Date
    Sep 2009
    Posts
    18
    Rep Power
    6

    Default

    Hi,

    For syncing /opt/zimbra completely you would require the root access.

    eg. the commands in /opt/zimbra/libexec are to be run with root access.

  4. #4
    Join Date
    Oct 2012
    Posts
    5
    Rep Power
    3

    Default

    You can still back up as root without SSH allowing root users. For example; you can create a user called "rsyncmail" on the zimbra server, and add this to visudo:

    rsyncmail ALL=NOPASSWD:/usr/bin/rsync

    You may need to comment out "Defaults requiretty" as well in the sudo configuration. Then create the file /usr/local/bin/rsync_wrapper.sh with the following:

    #!/bin/sh
    /usr/bin/sudo /usr/bin/rsync "$@";


    Then set the permissions (chown rsyncmail:root /usr/local/bin/rsync_wrapper.sh ; chmod 550 /usr/local/bin/rsync_wrapper.sh). Enable password-less SSH with your usual way. For example:

    [backup server, IF the keys are not already generated] ssh-keygen -t rsa
    [backup server] ssh-copy-id -i ~/.ssh/id_rsa.pub rsyncmail@active.domainip.com

    Now on the zimbra server, optionally edit the /home/rsyncmail/.ssh/authorized_keys file and prefix:

    from="1.2.3.4",no-port-forwarding,no-X11-forwarding,no-agent-forwarding

    just before the ssh-rsa AAAAB3Nza... hash (replacing 1.2.3.4 with your backup server's IP address).

    Then run rsync from your backup server, with the user rsyncmail and with the rsync argument "--rsync-path=rsync_wrapper.sh"

    This may not be perfectly secure, but is much better than setting up password-less root access on the zimbra server. (You can further enchance security by using the command="" option in the SSH to restrict the commands that can be run)

    It's best to back up either with LVM snapshots or with zimbra stopped during the backup. Also, I recommend rsnapshot rather than using rsync directly; so that you have previous copies of backups rather than just a simple sync which would be disasterous if it runs _after_ some sort of corruption, as you'd end up with just another corrupt copy with no working backup.

Similar Threads

  1. Backup zimbra server with rsync
    By Bullz3y3 in forum Administrators
    Replies: 6
    Last Post: 04-26-2012, 03:41 AM
  2. ZCS-NE : rsync /opt/zimbra/backup
    By breverend in forum Administrators
    Replies: 13
    Last Post: 10-04-2011, 04:38 PM
  3. rsync or cp -a ?
    By tiger2000 in forum Administrators
    Replies: 1
    Last Post: 12-30-2009, 03:30 AM
  4. Error after rsync
    By fviero in forum Administrators
    Replies: 2
    Last Post: 08-31-2009, 01:12 PM
  5. Backups using rsync
    By jimbo in forum Administrators
    Replies: 3
    Last Post: 09-09-2006, 12:08 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •