Preserving ownership of file with Lsyncd - linux

I have two servers: source-server and target-server. I want to use lsyncd to sync files in a directory on source-server to another directory on target-server.
In my ssh daemon, on both servers, I have root logins disabled (PermitRootLogin no) so I can't use the root user to run lsyncd over ssh.
I created a user 'syncer' on both servers that has a key-pair allowing password-less ssh logins from source-server to target-server. So this works:
[syncer@source-server]$ ssh syncer@target-server
My lsyncd.conf looks like this:
settings = {
    logfile = "/var/log/lsyncd.log",
    statusFile = "/var/log/lsyncd.stat",
    statusInterval = 2
}
sync {
    default.rsync,
    source = "/var/www/html/",
    target = "target.server.ip:/backup/",
    rsync = {
        rsh = "/usr/bin/ssh -l syncer -i /home/syncer/.ssh/id_rsa",
        compress = true,
        acls = true,
        xattrs = true,
        archive = true
    }
}
And it works except the owner of replicated files on the target server is always 'syncer'. The permissions of the source are respected and replicated correctly on the target. I just can't figure out a way to preserve the owner (and group) of the replicated files. (i.e., if the file on source is owned by 'deknuth', I would like the synced file on target to also be owned by 'deknuth' not 'syncer').
TIA

To close this out, using the non-root user will always move a file with that non-root user being the owner on the destination -- regardless of who owned it on the source. This may be acceptable. If not, run lsyncd as root and allow root logins with a key pair.
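One way to check, after a sync, which files lost their owner or group on the target. This is an added example, not part of the original question or answer; the function names `manifest` and `owner_drift` and the manifest file names are assumptions, and GNU find's `-printf` is required.

```sh
#!/bin/sh
# Added example (not from the original post): report files whose owner:group
# on the target differs from the source after lsyncd/rsync has run.
# Function and file names are illustrative. Needs GNU find (-printf).

# manifest DIR: one line per entry, "relative-path<TAB>user:group", sorted.
# Paths containing tabs or newlines are not supported.
manifest() {
    (cd "$1" && find . -printf '%P\t%u:%g\n') | LC_ALL=C sort
}

# owner_drift SRC_MANIFEST DST_MANIFEST
# Prints "path<TAB>source-owner<TAB>target-owner" for every mismatch and
# "MISSING" as target-owner when the path is absent from the target.
owner_drift() {
    [ -s "$1" ] || return 0          # empty source manifest: nothing to compare
    awk -F '\t' -v OFS='\t' '
        NR == FNR { want[$1] = $2; next }             # first file: source
        { seen[$1] = 1
          if (($1 in want) && want[$1] != $2) print $1, want[$1], $2 }
        END { for (p in want) if (!(p in seen)) print p, want[p], "MISSING" }
    ' "$1" "$2" | LC_ALL=C sort
}

# Typical use with the paths from the question (run on source-server):
#   manifest /var/www/html > src.tsv
#   ssh -l syncer -i /home/syncer/.ssh/id_rsa target.server.ip \
#       "cd /backup && find . -printf '%P\t%u:%g\n'" > dst.tsv
#   owner_drift src.tsv dst.tsv
```

With the non-root setup from the question, every line of output would show 'syncer' in the target column.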

Related

Restrict users from storing in home directory in Linux

We have a RHEL server where multiple users have access to it through an application. The RStudio application running on these servers defaults the workspace to the user's /home folder. Though there is separate space provided for individual users, users tend to store the files in /home, filling up /home.
Is there any possibility to restrict users from storing data to their home folders either at server level or R Studio level which would force them to use the provided location?
Though there are options to change the default workspace for all the users, due to the large number of teams each having their sensitive data, it is not possible to have a shared folder as default location.
You could create a group without write permissions on home folder and start rstudio through the command sg, which allows you to start it with the group id with reduced permissions.
The ls -l command displays directory contents in long format. The long format contains both permissions and ownership.
# ls -l
With chown you can change owner and group associated to a file/directory (-R == recursive)
# sudo chown -R user01:groupA Directory
By setting the owner and the single group, the others will have restrictions (if set) in accessing files / folders.
The chmod command is used to modify the various permissions/restrictions.
# sudo chmod -c ug=rwx,o= file1
Specifically:
-c == report if the change is made
u == user
g == group
rwx == read, write, execute
o == others
=null == no permission
To create a new group you can use groupadd
# sudo groupadd rstudiogroup
You will have to set the new group created as the owner of the save destination folder and finally start the software through the command sg
# sudo sg rstudiogroup -c rstudio

Changing default files permission in Linux

I work under CentOS 7.
For some time, I have had a problem with the FTP /home/students directory, whose access rights (permissions) are set to 750. When I create a file as user students the file access permission is 644 (read/write for the owner and read-only for other users). But when the students user receives files by SFTP (with authentication by ssh key), the permission of these files is 600.
Can the right of access (permission) be imposed by the one who uploads the file by SFTP?
How to make the default permission for files received by SFTP automatically 644?
Thank you
I think you should do something like this: modify /etc/ssh/sshd_config:
Subsystem sftp internal-sftp -m 0644
Then you should reload the sshd configuration:
sudo systemctl reload sshd

Samba/Linux File Permissions - Homes Not Writeable with 755

Just upgraded from Ubuntu 12.XX LTS to 14.04.1 LTS.
My Samba server provides users the ability to write to their own directory by using the [homes] section. After upgrading, they no longer have write access to their home directories through Samba.
I have created a test directory within their home directory with permissions of 777 or 775 and they can create files/directories in it that are owned by them. If the permissions are 755 (which is my preference) then the user can't write to them. Since the files are being created as the proper user, I assume that writes are also being attempted by the correct user.
I am trying to write files into directory /home/morris/junk/zz1
drwxr-xr-x 5 morris morris 4096 Nov 30 00:43 zz1
Any help would be GREATLY appreciated!
The relevant segments of my smb.conf are below.
[global]
log level = 3 acls:10
server string = %h server (Samba, Ubuntu)
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
smb ports = 139 445
dns proxy = No
panic action = /usr/share/samba/panic-action %d
hosts deny = 192.168.1.4
veto files = Maildir/imap,Maildir
wide links = Yes
unix extensions = no
[homes]
hide dot files = yes
valid users = %U
read only = No
wide links = yes
writeable = yes

sending files to virtual machine SCP

I am trying to transfer files over to my virtual machine
I tried the command
scp files user@xxx.xx.xx.xxx:/home/user/directory
I am later asked to enter the password for user@xxx.xx.xx.xxx
When I enter the password the output is:
scp: /home/user/directory/filename: Permission denied
I thought perhaps I don't have the correct permissions or rights to the files?
So I checked rights for each file and it is
-rwxr-xr-x
Not really sure what I need to do to correctly SCP my files over to my virtual machine
Make sure that user exists on both machines and that it has permission to write to the destination directory. This means the destination directory must either be a) world-writable, b) writable by a group that user belongs to, or c) owned by user.
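The three cases in the answer above, as a check to run on the destination machine. This is an added example, not part of the original answer; the function names `dir_write_verdict` and `check_dir` are assumptions, GNU `stat` is assumed, and only classic mode bits are evaluated (no ACLs, SELinux or read-only mounts).

```sh
#!/bin/sh
# Added example (not from the original answer): which permission class decides
# whether a user may create files in a directory, e.g. an scp destination.
# The kernel applies exactly ONE class (owner, else group, else other), so an
# owner class without write is not rescued by permissive group/other bits.

# dir_write_verdict MODE DIR_UID DIR_GID USER_UID "USER_GIDS"
#   MODE is octal as printed by `stat -c %a`; USER_GIDS is space-separated.
#   Prints allow:<class> or deny:<class>.
dir_write_verdict() {
    mode=$1 duid=$2 dgid=$3 uid=$4 gids=$5
    perm=$((0$mode))                       # leading 0 makes it octal
    if [ "$uid" -eq 0 ]; then              # root bypasses mode bits
        echo "allow:root"
        return 0
    fi
    if [ "$uid" -eq "$duid" ]; then
        class=owner; bits=$(( (perm >> 6) & 7 ))
    else
        class=other; bits=$(( perm & 7 ))
        for g in $gids; do
            if [ "$g" -eq "$dgid" ]; then
                class=group; bits=$(( (perm >> 3) & 7 ))
                break
            fi
        done
    fi
    # Creating a file needs write (2) and search (1) on the directory.
    if [ $(( bits & 3 )) -eq 3 ]; then
        echo "allow:$class"
    else
        echo "deny:$class"
    fi
}

# check_dir USER DIR: run on the destination machine (GNU stat assumed).
check_dir() {
    st=$(stat -c '%a %u %g' "$2") || return 2
    set -- "$1" $st                        # $2=mode $3=uid $4=gid
    dir_write_verdict "$2" "$3" "$4" "$(id -u "$1")" "$(id -G "$1")"
}
```

A `deny:other` result for `check_dir user /home/user/directory` means the directory belongs to a different account and neither the group nor the world bits grant write access.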

Restricting OpenSSH to allow uploads only to certain directories

I need to run backups from multiple servers to a single account on another server. If one of the public servers is compromised, I don't want the other server's files on the backup account compromised.
What I need to do is only allow SCP to a specific directory, based on the ssh key of the incoming connections.
I know that I can set the shell, and several options on a per key basis in the authorized_keys file. http://www.manpagez.com/man/8/sshd/ (Scroll down to "AuthorizedKeysFile")
What I don't know is how to set the internal-sftp command to only use a certain directory. I don't have root on the machine, so I can't do the normal internal-sftp + chroot.
It doesn't work that way.
What you need to do is set up a mini chroot jail for each backup host. It just needs to be able to run sh and scp (/dev only needs /dev/null entry).
Use jailsh as the login shell for each account.
Jailsh is a suid-root login shell that sets chroot jail to the directory marked by two consecutive slashes, drops root privs, and execs /bin/sh.
