LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Reload this Page rsync over ssh and file permissions security problem ?
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-13-2008, 09:08 AM   #1
uncle-c
Member
 
Registered: Oct 2006
Location: The Ether
Distribution: Ubuntu 16.04.7 LTS, Kali, MX Linux with i3WM
Posts: 299

Rep: Reputation: 30
rsync over ssh and file permissions security problem ?

Hello,
I had a directory, files , containing some files on computerA. The directory was owned by user/group root and the files within were also owned by the same. The directory and file permissions were rwxr-xr-x i.e 755.
I was logged in on computerB as a non-root user and wanted to transfer this whole directory over using rsync so I issued the following command :
Code:
computerB_$ rsync -ave ssh non-root@computerA:/files .
I used a non-privileged user name to log into computerA to download the files directory. The above command was successful.
The worrying this was that on computerA the files directory and all the files within were owned by root but I was able to transfer a root /user/group owned directory to computerB as a non-root user. Also once the directory had been transferred onto computerB it inherited the local users ownership permissions. What is there to stop any non-root user logging into computerA, so long as they have an account on that machine, and downloading sensitive system files and directories ?

Thanks !

Uncle.
 
Old 03-13-2008, 09:23 AM   #2
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,596

Rep: Reputation: 80
chmod o-rxw sensitive_file
chmod -R o-rxw sensitive_directory
 
Old 03-13-2008, 10:05 AM   #3
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
When you run rsync with -a which is archiving mode the file permissions are preserved.

If you do not want this you need to add --no-o

Code:
rsync -ave --no-o
 
Old 03-13-2008, 11:21 AM   #4
Arwkin
LQ Newbie
 
Registered: Oct 2007
Distribution: MEPIS
Posts: 15

Rep: Reputation: 0
Have you looked in the rsyncd.conf man pages? This may answer your security/access questions.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
rsync + ssh almost got it! But having a wierd problem :( neyoung Linux - Software 6 02-22-2007 02:54 AM
Windows Rsync Upload to Linux Rsync - permissions inspleak Linux - Software 0 10-12-2004 02:49 PM
SSH and RSYNC problem pixie Linux - General 2 03-02-2004 11:02 AM
problem with ssh-based, rsync reitsma Linux - Software 3 07-07-2003 04:20 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 08:47 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration