Typically, rsync runs over the secure shell (SSH) protocol when synchronizing files between a client on a local system and a remote host. It can also be run as a daemon if you prefer not to use SSH.
Because daemon-mode transfers are not encrypted, use it only on trusted networks, or wrap the connection in an encrypted tunnel such as stunnel.
Server Configuration
Create an rsync user without a login shell.
useradd -s /sbin/nologin rsync_user
Create the directory to be shared and give the rsync user ownership of it.
mkdir /rsync_files
chown -R rsync_user:rsync_user /rsync_files
Create the rsync daemon configuration file (rsync --daemon reads /etc/rsyncd.conf by default).
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
[rsync_files]
path = /rsync_files
comment = All rsync'd files are located here
read only = false
list = yes
auth users = rsync_user
gid = rsync_user
uid = rsync_user
strict modes = false
secrets file = /etc/rsyncd.scrt
"rsync_files" is the name of the rsync module being created.
"path" is the location of the shared rsync directory.
"auth users" is the username of the rsync user.
"secrets file" is the location of the file that holds the passwords for rsync users.
"gid" and "uid" are set to the username of the rsync user, so that synchronized files keep the ownership of the rsync user.
Create the /etc/rsyncd.scrt file. It should contain only the login and password of the rsync user. Because this user has no login shell, the password is set only through this file.
echo "rsync_user:seimaxim" > /etc/rsyncd.scrt
chmod 600 /etc/rsyncd.scrt
Make sure you use a more secure password than seimaxim.
Open TCP port 873 in the firewall.
firewall-cmd --add-port=873/tcp --permanent
firewall-cmd --reload
Start the rsync daemon.
rsync --daemon
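Before exposing the daemon, the configuration above can be checked for the settings that weaken it. The script below is an added example, not part of the original article; the function names conf_get and audit_rsyncd are illustrative, it assumes GNU stat, and it reads keys file-wide rather than per module.

```shell
#!/bin/sh
# Added example (not from the original page): audit an rsyncd.conf.
# Assumptions: GNU stat (Linux); keys are read file-wide, not per module.

# conf_get FILE KEY: print the last value assigned to KEY, or nothing.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_rsyncd FILE: print one WARN line per risky setting found.
audit_rsyncd() {
    conf=$1
    secrets=$(conf_get "$conf" "secrets file")
    [ -n "$(conf_get "$conf" "auth users")" ] ||
        echo "WARN: no 'auth users': the module allows anonymous access"
    [ -n "$(conf_get "$conf" "hosts allow")" ] ||
        echo "WARN: no 'hosts allow': every host that reaches port 873 may connect"
    case $(conf_get "$conf" "strict modes") in
        false|no|0) echo "WARN: 'strict modes' off: secrets file permissions are not checked" ;;
    esac
    case $(conf_get "$conf" "read only") in
        false|no|0) echo "WARN: 'read only' off: authenticated clients can write to the module" ;;
    esac
    if [ -n "$secrets" ] && [ -f "$secrets" ]; then
        mode=$(stat -c %a "$secrets")
        case $mode in
            *00|0) ;;  # owner-only access
            *) echo "WARN: $secrets has mode $mode: accessible beyond its owner" ;;
        esac
    fi
    return 0
}

# Constructed sample: the page's module, with the secrets file left at 644.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'rsync_user:placeholder\n' > "$demo_dir/rsyncd.scrt"
chmod 644 "$demo_dir/rsyncd.scrt"
cat > "$demo_dir/rsyncd.conf" <<EOF
[rsync_files]
path = /rsync_files
read only = false
auth users = rsync_user
strict modes = false
secrets file = $demo_dir/rsyncd.scrt
EOF
audit_rsyncd "$demo_dir/rsyncd.conf"
```

To check a live server, call audit_rsyncd with the path of the daemon's configuration file as root, so that the secrets file can be inspected.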
Client Configuration
No configuration is required on the client side. The user is prompted for the password defined in the secrets file on the server side, and must specify the rsync module.
rsync OPTIONS USER@SERVER::MODULE
rsync -auv *.log rsync_user@192.168.0.1::rsync_files
This would copy and sync files that have been updated or added ending with the .log extension from the current directory on the client to the remote rsync server (with the IP address shown here) using the rsync user and the module that was defined on the server. In this case, the rsync user is called rsync_user, and the module is named rsync_files.
You will be prompted to type in the password defined in the secrets file on the remote rsync server. You can either type it in each time or you can use one of these two options.
export RSYNC_PASSWORD=seimaxim
Create a text file with the password defined in the secrets file, change the permissions, and specify the location.
echo "seimaxim" > /root/secrets.scrt
chmod 500 /root/secrets.scrt
rsync -auv *.log rsync_user@192.168.0.1::rsync_files --password-file=/root/secrets.scrt