
Rsyncd.secrets file linux permission: should not be read by group and others

In my rsync server /etc/rsyncd.conf file, I have "secrets file = /etc/rsyncd.secrets".

If I change the file permission with "chmod 600 /etc/rsyncd.secrets", then after I run the rsync command on my client against the server, everything works fine. If it's "chmod 644 /etc/rsyncd.secrets", however, my client ends up with "@ERROR: auth failed on module www_cn_mad rsync error: error starting client-server protocol (code 5) at main.c(1534) [sender=3.0.9]". I don't know why the 644 permission matters.

In Rsync, there is a parameter called "strict modes" that can be set in /etc/rsyncd.conf. By default, this parameter is true even if it is not set in the configuration file. "strict modes" runs a check on the secrets file to determine if it is readable by any other user id than what rsync is running under. This is good to have as a check that your secrets file is not visible to the world. If you want to use 644 permissions on the secrets file, you'll need to add the line

strict modes = no

to your rsyncd configuration file to disable the check. I'd recommend you set 600 permissions and leave strict modes enabled for security.

-TW
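The recommendation in the answer above (secrets file at mode 600, strict modes left enabled) can be checked with a small audit script. This is an added example, not part of the original post and not rsync's own check: it flags any group or other permission bit, and it matches parameter names leniently by lowercasing them and dropping whitespace, which is an assumption of this sketch. The function names and the demo paths are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit an rsyncd.conf for the
# two settings discussed above. Paths in the demo are constructed temp files.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# audit_rsyncd_conf CONF: print one WARN line per finding, return 1 if any.
audit_rsyncd_conf() {
    local conf=$1 rc=0 line key value mode
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in *=*) ;; *) continue ;; esac   # only "name = value" lines
        # Normalise the name: drop whitespace, lowercase. A commented-out
        # line keeps its leading "#" and so matches nothing below.
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
        value=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $key in
            strictmodes)
                case $(printf '%s' "$value" | tr '[:upper:]' '[:lower:]') in
                    no|false|0) echo "WARN: strict modes disabled in $conf"; rc=1 ;;
                esac ;;
            secretsfile)
                if [ ! -f "$value" ]; then
                    echo "WARN: secrets file $value not found"; rc=1; continue
                fi
                mode=$(file_mode "$value")
                # Any group or other bit set means the file is not 600-style.
                if [ $(( 0$mode & 077 )) -ne 0 ]; then
                    echo "WARN: $value is mode $mode, expected 600"; rc=1
                fi ;;
        esac
    done < "$conf"
    return $rc
}

# Demo on constructed files: a 644 secrets file, then the same file at 600.
demo_dir=$(mktemp -d)
printf 'backup:constructed-password\n' > "$demo_dir/rsyncd.secrets"
printf '[www]\n  path = /srv/www\n  secrets file = %s\n' \
    "$demo_dir/rsyncd.secrets" > "$demo_dir/rsyncd.conf"
chmod 644 "$demo_dir/rsyncd.secrets"
audit_rsyncd_conf "$demo_dir/rsyncd.conf" || echo "audit failed at 644"
chmod 600 "$demo_dir/rsyncd.secrets"
audit_rsyncd_conf "$demo_dir/rsyncd.conf" && echo "audit clean at 600"
```

On a real server, call `audit_rsyncd_conf /etc/rsyncd.conf` with enough privilege to stat the secrets file.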
