Permissions for rsync'ing
 

I have a folder that I want to rsync over to another server. This folder, /data/pictures, has photo: photo as the user:group on it with 774 as permissions. Well I have another account called backup on this server and my backup server which is where i want to copy the files to.

What's the best way to give backup user permission to /data/pictures. my /data/pictures is shared out in samba with a forced connection of photo: photo also, which i can't break that. In Windows I would just add the backup account at the pictures level and would be all set, not sure how to do it here other than a chmod 777, which isn't good because that folder is also a file share.

Hello,

If all files and perhaps folders as well under the path /data/pictures are 774... surely i'd be thinking all that needs to happen so your other user can decend into other directories pre-existing in /data/pictures would be to set However if there aren't any other directories within the path you have provided /data/pictures, then i cannot see a problem here and the backup user should already be able to see the files within /data/pictures.... This depends on the permissions of
However setting the 775 or even 774 means any user on the server can at least read the files within "/data/pictures/..."

Perhaps showing the output of:-
Would help solve this all for sure.

You might also want to look into extended ACL's but that might be going to far for what your looking for.

Regards,
M

There are indeed subfolders under pictures. it is 774 throughout. when I do the ls -l /data/pictures, it only shows me ?'s instead of the permissions, owner, group etc. The other two commands show accurate info.

based on your 775 comment, so rsync needs read and execute permission at a minimum on the source folder?

Ok thats great.. but to work out if the permissions are open enough to enable the backup user to access the files/folders for backup... and i assume your receiving an error when running the rsync relating to a permission problem? Therefore it would be useful to see the actual output of the commands.

One quick way would be to login as the backup user and check if that user can browse and see all the folders and files including going through sub directories as well and checking the backup user has permission enough to dive into them. Or if you get a permissions error... Otherwise i must be lost on your original question?!?!
Regards,
M

I get readlink failed permission denied on each subfolder right under pictures. under my backup account, i cant even do a cd pictures to get into the directory. I guess I more just need to know how to give the backup account just enough permissions to get into there to rsync to another server, without messing up my photo account & group on there which are for the samba share of the /data/pictures

The e[X]ecute bit on a directory allows someone to e[X]plore. That should help you remember.

Any directory containing files that need to be accessed by userx.groupy needs to have the execute bit set for userx, or groupy, or all (e.g.others).

hi lutusp. so if i'm following what your saying, i need to chmod 775 to 1) keep my photo. photo in tact for my samba share and 2) give permission to that backup account which isn't in the photo group.

or would it be better to add backup into the photo group? can an account belong to more than one group at a time?

Yes... exactomondo...

Execute and explore... :-) nice method..

Anywho
Yes you could also add the backup user to the photo group... and then you could chmod -R 770 /data/pictures making it more secure still!!

And either way... it will be fine after that.
Cheers,
M

however chmoding -R 770 or whatever is only any good if new files beng uploaded are uploaded either with the correct permissions or forced to the correct permissions... but thats a whole other subject.

my backup account is already in a group, will that mess it up if i add it to the photo group as well? can it belong to more than one group?

You can have masses of users all in masses of different accounts. And you can delve even deeper when it comes to extended ACL's.. but as i said thats probably for another time :-)

Yeah, since I don't even know if a user can belong to multiple groups, I should probably leave extended ACLs for later!

I guess I'll just add backup into the photo group, as soon as I can google how to do that haha.

Thanks for the help everybody.

:-)

Its relativly simple... but also depends on how you best want to learn and use linux... command line based or GUI.

It likely your GUI will already have some sort of User Management system in place to help with this... other wise your looking to probably use the usermod/moduser command (different depending on the distro..)

But probably something along the lines of:-
Meaning... depending on the distro and version of stuff (so to speak)
Modify user and -a (add/apend) to -G (group name) and then the username backup.

Hope it helps either way.
Regards,

thanks, I'm using RHEL with CLI only.

Good for you.. I tend to use CLI day to day... its pretty cool! But some things are still easier left in a GUI.. so me thinks a nice mixture is not bad!

Then you should look at man usermod... or man moduser... and read up on that one, its been a while since i used red hat but i'm sure one of those will give you some info to go on.

Cheers,
M