RSYNC Permission Issues without Sudo (Retain AFS Permissions)

djcalve2 · 02-23-2015, 09:48 AM

I'm attempting to rsync a directory with several subdirectories from one machine to another and retain the AFS user-specific permissions in each individual subdirectory. As of now, I tried to fix this by adding the 2 network users and the "throwaway" local user (a dummy user solely for the purpose of having a cronjob to perform the rsync) to the same group as the directory, and giving the local user ownership of the destination directory. When I do this, it gives permission to the local user to use mkdir inside of the directory on the client machine. Unfortunately, the permissions are erased and the dummy user has full permissions. This needs to be done without sudo because that would create security issues. How can I rsync and retain original AFS user permissions without giving the dummy user sudo?

Wocky · 02-23-2015, 11:13 PM

Have a look at setcap(8). It might work, depending on your OS and the filesystems in use.

djcalve2 · 03-02-2015, 08:24 AM

For setcap, can you give the user these capabilities or the file itself? It also seems as if setcap is only for executable files.

rknichols · 03-02-2015, 08:49 AM

You can give the "dummy" user sudo permissions for just the exact rsync command (including all args) that needs to be run and nothing else. To allow the command to be run from a cron job, you would also need the "!requiretty" and probably "!lecture" options, as well as "NOPASSWD" for that rsync command. For example:

Code:

Defaults: dummyuser !lecture, !requiretty
dummyuser localhost = NOPASSWD: /usr/bin/rsync -av somehost:/some/directory/ /dest/directory

That allows dummyuser to run exactly "sudo /usr/bin/rsync -av somehost:/some/directory/ /dest/directory" and no variation of that rsync command.