Re: [Jailkit-users] Another Question re: Apps that Require Root

[Calvin Cannon]

Thanks Olivier,

Great work on this project BTW.

So, would this work with ssh?  Would it be possible to simply turn on the setuid flag on the rsync executable rather than using rsync in daemon mode?  (Sorry to ask before trying myself.)  Would non-root user, "joeblow" be able to connect using ssh and then rsync his data in this way and still preserve user/group info?

I'm really trying to avoid rsync -d & stunnel if at all possible.  Ssh authentication simply scales much better.

Thanks!

 - CLC

On 7/12/06, Olivier Sessink <address@hidden> wrote:

> We're trying to set up Linux servers to rsync files onto a backup
> server over an ssh tunnel.  We currently have a jailed ssh account
> with rsync included in the jail.  The problem we run into however is
> that this configuration does not preserve the Unix permissions of the
> files, but rather saves the files under the user & group names of the
> account on the backup server.
>
> I have been able to preserve permissions by running an rsync daemon as
> root without an ssh tunnel.  (authentication is done through rsync
> rather than using ssh pub/private key files)  Ssh tunneling is
> preferred for many reasons, but I can't think of a way of preserving
> transferred file permissions without compromising the integrity of the
> jail.

any process that runs with root permissions can escape from a chroot jail.
however, it will delay a hacker..

But if you anyway want to run rsyncd as root, simply use the 'chroot'
utility to change into the root before starting rsyncd.

regards,
   Olivier




_______________________________________________
Jailkit-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/jailkit-users