This document is meant to very quickly show how one can get a basic rsync server set up in Linux. For further information on rsync, see the documentation page or contact me. I'd appreciate any feedback you leave me, so I know whether this doc is helpful, and how to improve it in the future.|
Get rsync. If your distro doesn't have packages, hit FreshMeat.
Create a file: "/etc/rsyncd.conf", with the contents:
max connections = 2
log file = /var/log/rsync.log
timeout = 300
comment = Random things available for download
path = /path/to/my/public/share
read only = yes
list = yes
uid = nobody
gid = nobody
auth users = pub
secrets file = /etc/rsyncd.secrets
This will create a module named "pub" that points to "/path/to/my/public/share", is read-only, allows access only to rsync user "pub", and verifies the password from "/etc/rsyncd.secrets". Note that this runs the rsync process as user and group "nobody", so you may want to make the the files world readable (chmod a+r), and the directories world listable (chmod a+x). Also, if a user connects to your rsync without any files/dirs specified, this share will be listed.
Note: On Debian, group "nobody" doesn't exist. Use "nogroup" instead (same thing, different name) for the "gid" line. The same me be true for your distro if you get "invalid gid" errors when testing rsync.
Optional: Some have asked how to control access to rsync by IP address or hostname. To accomplish this, you can use either of the "hosts allow" or "hosts deny" directives. The line(s) should go in the block following the module name (in this case, somewhere after "[pub]"), and take the format:
hosts allow = 192.168.0.0/24
This line would allow access from all hosts in the 192.168.0.x IP range, assuming they are properly authenticated by user/password, and block everyone else ("hosts deny" is not even necessary in this case, it's implicit that all other hosts are denied). The IP/hostname specifications can take multiple forms, which are described in more detail in "man rsyncd.conf".
Optional: If you're creating multiple rsync modules, you may be pleased to know that any of the parameters from the module section above can be moved to the global section. For example, if the "uid" and "gid" parameters from the "pub" section are moved into the global section above, those two settings will apply to "pub" and any other rsync module that doesn't explicitly override the parameters.
- Create a file: "/etc/rsyncd.secrets", with the contents:
This simply makes a user pub, with password pub. Note that since this password is in plain text, the file MUST be owned by only root, and readable by only root (chmod 600 /etc/rsyncd.secrets). Otherwise, any local user/exploit may view the password, and rsync may not even start if the permissions are not correct.
This step differs depending on which Linux distribution you use. For distributions that use the inetd "super-server" (such as Slackware), use the first subsection below. For those that use xinetd instead (such as Fedora), use the second subsection.
Add to your: "/etc/inetd.conf":
rsync stream tcp nowait root /usr/bin/rsync rsync --daemon
Of course, you'll want to change the path to whatever is correct on your system, though /usr/bin/rsync should be the case for most.
Many distros that use xinetd already include a "/etc/xinetd.d/rsync" file. If this is the case, you can simply edit the file and change:
disable = yes
disable = no
If the file does not exist, create it, with the contents:
disable = no
socket_type = stream
wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
- Add to your: "/etc/services":
If your services file already lists the rsync port, you don't need to add this entry (duh). Also, you can change 873 to any other number if you want to run rsync on a non-standard port.
- Run "
killall -HUP inetd" (or "
killall -HUP xinetd", if applicable) as root, to restart the inetd/xinetd daemons. You can alternatively run "/etc/init.d/xinetd restart" if you prefer to restart xinetd that way. rsync should now be ready to listen on the specified port.
How to test your rsync setup:
- Run: "
rsync rsync://pub@your-ip-or-hostname/". After entering your password (also pub), rsync should list the only available share, pub.
- Run: "
rsync rsync://pub@your-ip-or-hostname/pub/". After entering your password, rsync should now give a file listing. If there are no files listed, place some files and directories in the directory and try again.
- Run: "
rsync -v --progress --partial rsync://pub@your-ip-or-hostname/pub/someFile ." (you can abbreviate --partial --progress as -P). Your file should now be downloading.
- Run: "
rsync -aPv rsync://pub@your-ip-or-hostname/pub/someDirectory .". Your directory should now be downloading.
2007-01-07, Ranjit Singh suggested pointing out that module parameters are usable in the global section.
2006-04-01, Franz-Robert van Vugt suggested the alternate method of restarting xinetd.
2005-10-24, added xinetd info (thanks Jeff Silverman and S. Anbalagan), and information on allowing/denying certain IP addresses (suggested by Jeff), edited various minor portions (including testing section).
2004-12-17, added note about "nogroup" (thanks Michael Farrell).
2003-05-18, fixed spelling error (rsnycd.conf).
2002-10-14, updated config (logging).
Leave me some feedback!