
rsync is not working on startup?

Hi, I'm new to Linux and I have been trying to synchronize two folders with the rsync command. I'm using CentOS, and when I execute the command ( #rsync -zvr /tmp/f1/ /tmp/f2/ ) on the command line it works fine, but through rc.local on reboot it does not work. The following message is shown:

sending incremental file list

rsync: change_dir "/tmp/f1" failed: Permission denied (13)

rsync: ERROR: cannot stat destination "/tmp/f2/": Permission denied (13)

rsync error: errors selecting input/output files, dirs (code 3) at main.c(554) [receiver=3.0.6]

rsync: connection unexpectedly closed (9 bytes received so far) [sender]

rsync error: error in rsync protocol data stream (code 12) at io.c(600) [sender=3.0.6]

Some help, please?

You are having trouble with SELinux. SELinux is a module which allows for much more fine-grained access control than file system permissions and ACLs do. Among other things, it will disallow access to files for rsync by default if it is not run by a user from a terminal. Now how can you let it access the files you want?

There are two options. If you are only dealing with directories no other service (including httpd or such) needs access to, you can do the following:

semanage fcontext -a -t public_content_t "/tmp/f1(/.*)?"
semanage fcontext -a -t public_content_t "/tmp/f2(/.*)?"

This should persistently change the SELinux rules to make the directories /tmp/f1 and /tmp/f2 accessible by rsync. In fact, it will set the public_content_t type on the directories and the files. Nodes with that type are accessible by rsync. However, there is a catch, as mentioned: a node (directory or file) can only have one type. Many services have other requirements for files they access (e.g. sshd requires ssh_t), so you cannot do this in /etc, for example.

Another solution is to persistently allow rsync access to all files. This is fine if you do not run the rsync daemon:

setsebool -P rsync_full_access 1

Afterwards, rsync will be able to access all files, even if run from init and not from a user's terminal.


Why does it make a difference if rsync is started by a daemon or by a user?

(this is only true for the most common, targeted policy)

SELinux knows users, and normal users use the SELinux-user unconfined_u. unconfined_u is allowed to do pretty much everything the file system ACLs allow it to do. However, init and such are running as system_u, and system_u is far more constrained. This helps to prevent attacks on httpd and other exposed daemons.
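To confirm the diagnosis in the answer above before changing any policy, the denials can be read from the audit log. The following is an added example, not part of the original answer: it summarises rsync AVC denials by source domain and target type. The function name summarize_rsync_denials and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for rsync from audit-log text.
# SAMPLE_AVC is constructed; on a real host, feed the function from
# /var/log/audit/audit.log instead.
SAMPLE_AVC='type=AVC msg=audit(1400000000.101:41): avc:  denied  { search } for  pid=1201 comm="rsync" name="f1" dev=dm-0 ino=131 scontext=system_u:system_r:rsync_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir
type=AVC msg=audit(1400000000.102:42): avc:  denied  { getattr } for  pid=1201 comm="rsync" path="/tmp/f2" dev=dm-0 ino=132 scontext=system_u:system_r:rsync_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir
type=AVC msg=audit(1400000000.103:43): avc:  denied  { read } for  pid=1300 comm="httpd" name="x" dev=dm-0 ino=133 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=file'

# Reads audit records on stdin; prints one line per denial raised by rsync.
summarize_rsync_denials() {
    awk '
    # Return the value of key=value in the current record, quotes stripped.
    function field(key,    v) {
        if (!match($0, "(^| )" key "=[^ ]+")) return "?"
        v = substr($0, RSTART, RLENGTH)
        sub(/^ ?[^=]+=/, "", v)
        gsub(/"/, "", v)
        return v
    }
    # The SELinux type is the third part of user:role:type:level.
    function setype(ctx,    p) { split(ctx, p, ":"); return p[3] }

    /avc: +denied/ && field("comm") == "rsync" {
        perms = "?"
        if (match($0, /[{][^}]*[}]/))
            perms = substr($0, RSTART + 2, RLENGTH - 4)
        obj = field("path")
        if (obj == "?") obj = field("name")
        printf "domain=%s target_type=%s class=%s perms=%s object=%s\n",
            setype(field("scontext")), setype(field("tcontext")),
            field("tclass"), perms, obj
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_AVC" | summarize_rsync_denials
```

A target_type other than public_content_t in this output shows which label the directories still carry. Note that semanage fcontext -a only records the labelling rule; restorecon -R is what applies it to files that already exist.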

If you have just rebooted, /tmp will have been cleared, and so /tmp/f1 and /tmp/f2 will not exist.

rc.local usually runs quite late in the boot sequence, so I'd guess that /tmp is mounted rw, but it's possible that it is still only mounted ro.
