On the receiving host, change the file /etc/rsyncd.conf. For example, show a module called “backup” that stores files in the /backup directory.
[receiver ~] # cat /etc/rsyncd.conf -- ..removed.. [backup] path = /backup/ comment = backup area read only = false fake super = true # Uncomment the following line if necessary. # uid = root # gid = root
The fake super option is needed to keep the SELinux context information as an extended attribute, since rsync can’t change the context of newly created files or directories on the receiver. The -X option should be used both when making a backup and when restoring it. It makes sure that extended attributes are transferred.
Make the /backup directory and give users permission to use it.
[receiver ~] # mkdir /backup
Set the rsync full access SELinux boolean to true. It allows the rsync server to manage all of the system’s files and folders.
[receiver ~] # setsebool -P rsync_full_access 1
Alternatively To restrict access to only files and directories with the SELinux context type public_content_rw_t, use the rsync_anon_write boolean instead of rsync_full_access.
[receiver ~] # semanage fcontext -a -t public_content_rw_t /backup [receiver ~] # setsebool -P rsync_anon_write 1
These changes are persistent across boot. Enable and start rsyncd.service as follows.
[receiver ~] # systemctl enable rsyncd [receiver ~] # systemctl start rsyncd
If firewalld is running, use the following command to allow ports for sync.
[receiver ~] # firewall-cmd --add-service=rsyncd --permanent [receiver ~] # firewall-cmd --reload
Use the following command to sync a file from the sender host to /backup.
[sender ~] # rsync -avX /var/ ::backup