Configure rsync as a daemon

Typically, rsync runs over the secure shell (SSH) protocol when synchronizing files between a client on a local system and a remote host. It can also run as a daemon if you prefer not to use SSH.

Because the daemon does not encrypt data in transit, use it only on trusted networks, or add encryption, for example by tunnelling the transfer through stunnel.

Server Configuration

Create an rsync user without a login shell.

useradd -s /sbin/nologin rsync_user

Create the shared rsync directory and assign the correct permissions as follows.

mkdir /rsync_files
chown -R rsync_user:rsync_user /rsync_files

Create the rsync daemon configuration file, /etc/rsyncd.conf, with the following contents.

log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock

[rsync_files]
path = /rsync_files
comment = All rsync'd files are located here
read only = false
list = yes
auth users = rsync_user
gid = rsync_user
uid = rsync_user
strict modes = false
secrets file = /etc/rsyncd.scrt

"rsync_files" is the name of the rsync module being created.

"path" is the location of the shared rsync directory.

"auth users" is the username of the rsync user.

"secrets file" is the location of the file that holds the passwords for rsync users.

"gid" and "uid" are set to the username of the rsync user. This ensures that synchronized files are owned by the rsync user.

Create the /etc/rsyncd.scrt file. It should contain only the login and password of the rsync user. Because this user has no login shell, the password is configured solely through this file.

echo "rsync_user:seimaxim" > /etc/rsyncd.scrt

Set the correct permissions.

chmod 600 /etc/rsyncd.scrt

Make sure you use a more secure password than seimaxim.
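
The following audit is an added example, not part of the original tutorial: it parses an rsyncd.conf like the one above and reports settings that weaken the daemon, including the secrets file permissions. The sample config is constructed from this page's module; the function names and the choice of checks (among them the hosts allow parameter, which the tutorial does not set) are assumptions of the example.

```python
import os

# Constructed sample: the [rsync_files] module from this tutorial.
SAMPLE_CONF = """\
[rsync_files]
path = /rsync_files
read only = false
auth users = rsync_user
strict modes = false
secrets file = /etc/rsyncd.scrt
"""
FALSE = {"false", "no", "0"}  # boolean spellings; case is not significant

def parse_modules(text):
    """Return {module: params}; modules inherit earlier global parameters."""
    # Simplified: backslash line continuations are not handled.
    global_params, modules, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), dict(global_params))
        elif "=" in line:
            key, value = line.split("=", 1)
            target = global_params if current is None else current
            target[" ".join(key.lower().split())] = value.strip()
    return modules

def file_mode(path):
    """Permission bits of path, or None if the file is absent."""
    return os.stat(path).st_mode & 0o777 if os.path.exists(path) else None

def audit(text, mode_of=file_mode):
    """Return sorted (module, finding) pairs for risky daemon settings."""
    findings = []
    for name, p in parse_modules(text).items():
        if not p.get("auth users"):
            findings.append((name, "anonymous access: no auth users"))
        if p.get("read only", "yes").lower() in FALSE and not p.get("hosts allow"):
            findings.append((name, "writable without hosts allow"))
        if p.get("strict modes", "yes").lower() in FALSE:
            findings.append((name, "strict modes off: secrets file mode unchecked"))
        mode = mode_of(p["secrets file"]) if "secrets file" in p else None
        if mode is not None and mode & 0o077:
            findings.append((name, "secrets file readable by group/other"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

To audit a live server, pass the contents of its configuration file to audit() and leave mode_of at its default so the real secrets file is inspected.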

The rsync daemon listens on port 873. Configure the firewall to allow rsync traffic.

firewall-cmd --add-port=873/tcp --permanent
firewall-cmd --reload

Start the rsync daemon.

rsync --daemon

Client Configuration

No configuration is required on the client side. The user must enter the password defined in the secrets file on the server side and specify the rsync module.

rsync OPTIONS SOURCE USER@SERVER::MODULE
rsync -auv *.log rsync_user@192.168.0.1::rsync_files

This copies and syncs new or updated files ending with the .log extension from the current directory on the client to the remote rsync server (with the IP address shown here), using the rsync user and the module that were defined on the server. In this case, the rsync user is called rsync_user, and the module is named rsync_files.

You will be prompted to type in the password defined in the secrets file on the remote rsync server. You can either type it in each time or you can use one of these two options.

Use the RSYNC_PASSWORD environment variable.

export RSYNC_PASSWORD=seimaxim

In this example, the password defined in the secrets file was seimaxim.

Use the --password-file option.

Create a text file with the password defined in the secrets file, change the permissions, and specify the location.

echo "seimaxim" > /root/secrets.scrt
chmod 500 /root/secrets.scrt
rsync -auv *.log rsync_user@192.168.0.1::rsync_files --password-file=/root/secrets.scrt
