
Configure rsync as a daemon

Typically, rsync runs over the secure shell (SSH) protocol when synchronizing files between a client on a local system and a remote host. If you prefer not to use SSH, rsync can instead run as a daemon.

Because daemon-mode transfers are not encrypted, use this setup only on trusted networks, or add encryption, for example by tunnelling the transfer through stunnel.

Server Configuration

Create an rsync user without a login shell.

    useradd -s /sbin/nologin rsync_user

Create the shared rsync directory and assign the correct permissions as follows.

    mkdir /rsync_files
    chown -R rsync_user:rsync_user /rsync_files

Create the rsync daemon configuration file, /etc/rsyncd.conf, with the following contents.

    log file = /var/log/rsyncd.log
    pid file = /var/run/rsyncd.pid
    lock file = /var/run/rsync.lock

    [rsync_files]
    path = /rsync_files
    comment = All rsync’d files are located here
    read only = false
    list = yes
    auth users = rsync_user
    gid = rsync_user
    uid = rsync_user
    strict modes = false
    secrets file = /etc/rsyncd.scrt

“rsync_files” is the name of the rsync module being created.

“path” is the location of the shared rsync directory.

“auth users” is the username of the rsync user.

“secrets file” is the location of the file that holds the password for the rsync users.

The group identifier (gid) and user identifier (uid) are set to the username of the rsync user. This ensures that the synchronized files retain the ownership assigned to the rsync user.
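The following added example (not part of the original article) is one way to audit a configuration like the one above for settings worth a second look: a module without auth users, strict modes = false (which skips the permission check on the secrets file), and a writable module with no hosts allow restriction. The function names and the hosts allow check are assumptions of this example, and the sample configuration is constructed from the module on this page.

```python
# Added example (not from the original page): flag risky rsyncd.conf settings.
FALSE_VALUES = {"no", "false", "0"}

# Constructed sample: the module as configured on this page.
PAGE_CONF = """\
log file = /var/log/rsyncd.log
[rsync_files]
path = /rsync_files
read only = false
auth users = rsync_user
strict modes = false
secrets file = /etc/rsyncd.scrt
"""

def parse_modules(text):
    """Return {module: params}; each module starts from the global parameters."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), dict(global_params))
            continue
        name, sep, value = line.partition("=")  # only the first '=' is significant
        if sep:
            key = " ".join(name.lower().split())  # normalise case and spacing
            (global_params if current is None else current)[key] = value.strip()
    return modules

def audit(text):
    """Return (module, finding) pairs for settings a reviewer should question."""
    findings = []
    for module, p in parse_modules(text).items():
        if not p.get("auth users"):
            findings.append((module, "no auth users: anonymous access"))
        elif not p.get("secrets file"):
            findings.append((module, "auth users set but no secrets file"))
        if p.get("strict modes", "yes").lower() in FALSE_VALUES:
            findings.append((module, "strict modes off: secrets file permissions unchecked"))
        writable = p.get("read only", "yes").lower() in FALSE_VALUES
        if writable and not p.get("hosts allow"):
            findings.append((module, "writable with no hosts allow: any source address accepted"))
    return findings

if __name__ == "__main__":
    for module, finding in audit(PAGE_CONF):
        print(f"[{module}] {finding}")
```

Run against the page's module, it reports the strict modes and hosts allow findings; removing the strict modes line and adding a hosts allow entry for the trusted network clears both.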

Create the /etc/rsyncd.scrt file. It should contain only the login and password of the rsync user. Because this user has no login shell, its password is set only through this file.

    echo "rsync_user:seimaxim" > /etc/rsyncd.scrt

Set the correct permissions.

    chmod 600 /etc/rsyncd.scrt

Make sure you use a more secure password than seimaxim.

The rsync daemon listens on port 873. Configure the firewall to allow rsync traffic.

    firewall-cmd --add-port=873/tcp --permanent
    firewall-cmd --reload

Start the rsync daemon.

    rsync --daemon

Client Configuration

No configuration is required on the client side. The user must enter the password defined in the secrets file on the server side and must specify the rsync module.

    rsync OPTIONS USER@SERVER::MODULE
    rsync -auv *.log rsync_user@SERVER::rsync_files

This copies files ending with the .log extension that have been updated or added from the current directory on the client to the remote rsync server (replace SERVER with its IP address), using the rsync user and the module that were defined on the server. In this case, the rsync user is called rsync_user, and the module is named rsync_files.

You will be prompted to type in the password defined in the secrets file on the remote rsync server. You can either type it in each time or you can use one of these two options.

Use the RSYNC_PASSWORD environment variable.

    export RSYNC_PASSWORD=seimaxim

In this example, the password defined in the secrets file was seimaxim.

Use the --password-file option.

Create a text file with the password defined in the secrets file, change the permissions, and specify the location.

    echo "seimaxim" > /root/secrets.scrt
    chmod 600 /root/secrets.scrt
    rsync -auv *.log rsync_user@SERVER::rsync_files --password-file=/root/secrets.scrt
