optics.csufresno.edu


Department of Electrical and Computer Engineering
Assistant Professor Gregory R. Kriehn
F14 rsync Server

When run in daemon mode, rsync can also serve files remotely (for example, to people connecting from elsewhere on the internet). You can launch rsync with the --daemon option to do this, or you can have xinetd, the extended internet services daemon, launch it for you. The advantage of using xinetd is that it can limit the rate of incoming connections, restrict connections from specific hosts, limit access based upon the time of day, etc. That is the approach used here.

Install xinetd

xinetd is not installed by default under Fedora 14, so use yum to install it:
~> sudo yum install xinetd

Enable rsync via xinetd

Edit the /etc/xinetd.d/rsync file, and set the disable option to no. This will allow rsync to be run via xinetd:
service rsync
{
        disable = no
        flags           = IPv6
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        log_on_failure  += USERID
}
Save and exit. Next, make sure that xinetd is configured to run at boot time:
~> sudo chkconfig --level 345 xinetd on

Poke a hole in the firewall and configure SELinux

See my Firewall page regarding poking a hole in TCP Port 873 for the rsync Server. With regard to SELinux, make sure that the directories that you want people to have access to have a public setting so that SELinux does not block the transfer:
~> sudo chcon -R -t public_content_t [path to files]
The -R option changes the files recursively. Read the man page for chcon for more options.

Create a banner and rsync configuration file

Create a /etc/rsync/rsyncd.motd file that contains any banner information that you want to provide regarding your rsync service. For example, my file looks like:
Professor Kriehn's rsync Service
Hosting Kriehn Fedora Repository
In this case, the purpose of my rsync server is to allow people mirroring my repository to have access to it. Save and exit.

Next, create a /etc/rsyncd.conf file with the following information:
# Configuration file for rsync daemon
# See rsync(1) and rsyncd.conf(5) man pages for help

# This line is required by the /etc/init.d/rsyncd script
pid file = /var/run/rsyncd.pid

uid = nobody
gid = nobody
use chroot = yes
read only = yes

# Limit Access
hosts allow=192.168.0.0/255.255.0.0 10.0.0.0/255.0.0.0 172.16.0.0/255.240.0.0
hosts deny=*

max connections = 15
motd file = /etc/rsync/rsyncd.motd

log file = /var/log/rsync/rsync.log

#This will log every file transferred - up to 85,000+ per user, per sync
transfer logging = yes

log format = %t %a %m %f %b
syslog facility = local3
timeout = 300

socket options = SO_KEEPALIVE

[module]
path=[path to files to be served]
read only=no
uid = apache
gid = apache
hosts allow=[hostname]
comment = [comments]
With this configuration file, you are limiting access to your local network. If you want people outside of your LAN to have access to the files, add the appropriate IP addresses to the hosts allow line. Likewise, you can change the maximum number of connections. Replace [module] with a name for the directory structure that is going to be served remotely. For example, my module section is [fedora] (you must use the square brackets!), with path=/var/www/html/fedora/ (the location of my Fedora repository files) and comment=Kriehn Fedora RPM Repository. When you are finished tailoring your configuration file to your needs, save and exit.
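
A module's settings replace the global ones, so the [module] section above ends up writable and answers only to its own hosts allow line, with no auth users set. The following auditor is an added example, not part of the original page or of rsync; the sample address 192.168.1.50 stands in for [hostname] and is an assumption, and hostname patterns are not evaluated.

```python
import ipaddress

# Constructed sample: the tutorial's access-related globals and its [fedora]
# module; the module's "hosts allow" address is a made-up stand-in for [hostname].
SAMPLE = """\
read only = yes
hosts allow=192.168.0.0/255.255.0.0 10.0.0.0/255.0.0.0 172.16.0.0/255.240.0.0
hosts deny=*

[fedora]
read only=no
hosts allow=192.168.1.50
"""

def parse(text):
    """Split rsyncd.conf text into (global params, {module: params})."""
    glob, mods, cur = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = mods.setdefault(line[1:-1].strip(), {})
        elif line and line[0] not in "#;":
            key, _, val = line.partition("=")
            (glob if cur is None else cur)[key.strip().lower()] = val.strip()
    return glob, mods

def matches(patterns, ip):
    """True if ip is covered by an address/mask pattern or '*' (no hostnames)."""
    addr = ipaddress.ip_address(ip)
    return any(p == "*" or addr in ipaddress.ip_network(p, strict=False)
               for p in patterns.replace(",", " ").split())

def admitted(eff, ip):
    """Order rsyncd applies: an allow match wins, then deny, then the default."""
    allow, deny = eff.get("hosts allow"), eff.get("hosts deny")
    if allow and matches(allow, ip):
        return True
    return not matches(deny, ip) if deny else not allow

def audit(text, ip):
    """Per module: is ip admitted, and is the module writable without auth?"""
    glob, mods = parse(text)
    out = {}
    for name, params in mods.items():
        eff = {**glob, **params}  # a module's value replaces the global one
        writable = eff.get("read only", "yes").lower() in ("no", "false", "0")
        out[name] = {"admitted": admitted(eff, ip), "writable": writable,
                     "anonymous_write": writable and not eff.get("auth users")}
    return out
```

Run audit() against your own /etc/rsyncd.conf text before opening TCP port 873; any module reporting anonymous_write accepts uploads from every admitted host without a password.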

Set up log support

Since the rsync configuration file is going to use the local3 syslog facility, we need to enable it. Edit/create a /etc/syslog.conf file and add the following line:
local3.*
Save and exit. Then create an empty log file:
~> sudo mkdir /var/log/rsync
~> sudo touch /var/log/rsync/rsync.log
Change the permissions of the file and the security context:
~> sudo chmod 600 /var/log/rsync/rsync.log
~> sudo chcon -t var_log_t /var/log/rsync/rsync.log
Then create a /etc/logrotate.d/rsync file for log rotation:
/var/log/rsync/rsync.log {
    compress
    missingok
    notifempty
    size 100k
    create 0600 root root
}
Save and exit.

Add rsync to /etc/passwd and /etc/group

Edit /etc/passwd and add an entry for rsync at the bottom of the file:
rsync:x:1000:1000:rsync daemon::/sbin/nologin
Save and exit. Next, edit /etc/group and also add an entry for rsync:
rsync:x:1000:
Save and exit. Then change the ownership and permissions of the directory you want to give rsync access to:
~> sudo chmod g+w /var/www/html/fedora
~> sudo chown apache:rsync /var/www/html/fedora

Test the setup

Restart xinetd so that it can launch rsync in daemon mode:
~> sudo service xinetd restart
You should see the daemon successfully stop and restart:
Stopping xinetd:                                           [  OK  ]
Starting xinetd:                                           [  OK  ]
Then test rsync:
~> rsync rsync://[hostname].[domain].[name]
You should see the banner information along with any modules you created. In my case, when I rsync files over, I want them archived recursively, with times preserved, and I want rsync to be verbose about it. Since I have created an [upload] module, I rsync files with the following command:
~> rsync -avrt *.rpm rsync://optics.csufresno.edu/upload/14/i386/.
If you have permissions to access the files, they will now be rsync'd over.