[root@localhost ~]# vi /etc/rsyncd.conf
# Global parameters (before the first [module]) apply to the whole daemon.
# Listen on 8730 instead of rsync's default port 873; clients must pass --port.
port=8730
log file=/var/log/rsync.log
# NOTE(review): "rysncd" looks like a typo for "rsyncd"; the path is used as written.
pid file=/var/run/rysncd.pid
# Bind to this single address instead of every interface.
address=192.168.9.134
# Module "test": clients address it as 192.168.9.134::test/.
[test]
path=/tmp/rsync
# The daemon does not chroot into `path`, so a symlink inside the module that
# points outside `path` can expose files beyond the module (the transcript's
# 12.txt -> /etc/passwd appears to be such a case).
# NOTE(review): prefer use chroot=true unless following such links is intended.
use chroot=false
# At most 4 simultaneous connections to this module.
max connections=4
# Clients are allowed to upload into `path`.
read only=no
# The module name is shown when a client requests the module list.
list=true
# Transfers run as root, so uploads are root-owned and the daemon has root's
# file access. NOTE(review): prefer an unprivileged account for this module.
uid=root
gid=root
# Authentication is commented out: any host matched by "hosts allow" can read
# and write this module without a password.
#auth users=test
#secrets file=/etc/rsyncd.passwd
# Only this client address may connect to the module.
hosts allow=192.168.9.233
[root@localhost ~]# killall rsync
[root@localhost ~]# !ps
ps aux | grep rsync
root 4041 0.0 0.0 112656 972 pts/1 S+ 08:07 0:00 grep --color=auto rsync
[root@localhost ~]# rsync --daemon
[root@localhost ~]# !ps
ps aux | grep rsync
root 4043 0.0 0.0 114656 532 ? Ss 08:08 0:00 rsync --daemon
root 4045 0.0 0.0 112656 976 pts/1 S+ 08:08 0:00 grep --color=auto rsync
[root@localhost ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2465/master
tcp 0 0 192.168.9.134:8730 0.0.0.0:* LISTEN 4089/rsync
tcp 0 0 0.0.0.0:50458 0.0.0.0:* LISTEN 1513/rpc.statd
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:45289 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:20048 0.0.0.0:* LISTEN 1892/rpc.mountd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1412/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2465/master
tcp6 0 0 :::56409 :::* LISTEN 1513/rpc.statd
tcp6 0 0 :::2049 :::* LISTEN -
tcp6 0 0 :::59244 :::* LISTEN -
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::20048 :::* LISTEN 1892/rpc.mountd
tcp6 0 0 :::22 :::* LISTEN 1412/sshd
B
[root@centos11233 ~]# rsync -avLP 192.168.9.134::test/ /tmp/test/
rsync: failed to connect to 192.168.9.134 (192.168.9.134): Connection refused (111)
rsync error: error in socket IO (code 10) at clientserver.c(122) [Receiver=3.0.9]
需要加上 --port 8730,因为服务端监听的是 8730 端口,而不是 rsync 默认的 873 端口
[root@centos11233 ~]# rsync -avLP --port 8730 192.168.9.134::test/ /tmp/test/
receiving incremental file list
sent 26 bytes received 90 bytes 232.00 bytes/sec
total size is 1432 speedup is 12.34
max connections:指定最大的连接数,默认是0,即没有限制。
read only true|false:如果为true,则客户端不能上传到该模块指定的路径下。
list:表示当用户查询该服务器上的可用模块时,该模块是否被列出,设定为true则列出,false则隐藏。
uid/gid:指定传输时守护进程使用的用户和组身份。
auth users:指定允许连接该模块的认证用户名(不必是系统用户)。
secrets file:指定密码文件,该参数连同上面的auth users如果不指定,则不使用密码验证。注意该密码文件的权限一定要是600。格式:用户名:密码(密码以明文保存)。
hosts allow:表示被允许连接该模块的主机,可以是IP或者网段,如果是多个,中间用空格隔开。也可以写成IP段/24。
当设置了auth users和secrets file后,客户端连服务端也需要用用户名密码了,若想在命令行中带上密码,可以设定一个密码文件。
rsync -avL test@192.168.133.130::test/test1/ /tmp/test8/ --password-file=/etc/pass
其中/etc/pass内容就是一个密码,权限要改为600。
B
[root@centos11233 ~]# rsync --port=8730 192.168.9.134::
test
A 将 /etc/rsyncd.conf 的 list=true 改为 list=false
B
[root@centos11233 ~]# rsync --port=8730 192.168.9.134::
其实这是个安全选项:list=false 只是把模块名从列表中隐藏,知道模块名的客户端仍然可以连接,所以它不能代替 auth users 和 hosts allow。
A
[root@localhost ~]# ls -l /tmp/rsync/
total 0
lrwxrwxrwx 1 root root 11 Dec 7 05:39 12.txt -> /etc/passwd
-rw-r--r-- 1 root root 0 Dec 7 04:42 world.txt
[root@localhost ~]# rm -rf /tmp/rsync/*
A 将 /etc/rsyncd.conf 中的 uid、gid 改为 uid=nobody gid=nobody
[root@localhost ~]# vi /etc/rsyncd.conf
# Global parameters (before the first [module]) apply to the whole daemon.
# Non-default port (rsync's default is 873); clients must pass --port.
port=8730
log file=/var/log/rsync.log
# NOTE(review): "rysncd" looks like a typo for "rsyncd"; the path is used as written.
pid file=/var/run/rysncd.pid
# Bind to this single address instead of every interface.
address=192.168.9.134
# Module "test", served from /tmp/rsync.
[test]
path=/tmp/rsync
# No chroot into `path`: symlinks inside the module that point outside it can
# reach files beyond the module. NOTE(review): prefer use chroot=true.
use chroot=false
max connections=4
# Uploads are allowed.
read only=no
# Hide the module from the module listing. This only hides the name; a client
# that already knows it can still connect, so it is no substitute for auth.
list=false
# Run transfers as the unprivileged "nobody" account instead of root. Files
# and directories the daemon must modify have to be accessible to nobody.
uid=nobody
gid=nobody
# Authentication is still commented out: "hosts allow" is the only access control.
#auth users=test
#secrets file=/etc/rsyncd.passwd
# Only this client address may connect to the module.
hosts allow=192.168.9.233
[root@localhost ~]# id nobody
uid=99(nobody) gid=99(nobody) groups=99(nobody)
B
[root@centos11233 ~]# rsync -avP /tmp/test/ --port=8730 192.168.9.134::test/
sending incremental file list
./
rsync: failed to set times on "." (in test): Operation not permitted (1)
12.txt
1432 100% 0.00kB/s 0:00:00 (xfer#1, to-check=1/3)
world.txt
0 100% 0.00kB/s 0:00:00 (xfer#2, to-check=0/3)
sent 1576 bytes received 49 bytes 3250.00 bytes/sec
total size is 1432 speedup is 0.88
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1052) [sender=3.0.9]
权限不够:守护进程现在以 nobody 身份运行,而 /tmp/rsync/ 的属主是 root,所以无法修改该目录的时间;文件本身已经传输成功。
A
[root@localhost ~]# ls -l /tmp/rsync/
total 4
-rw-r--r-- 1 nobody nobody 1432 Dec 5 09:43 12.txt
-rw-r--r-- 1 nobody nobody 0 Dec 7 04:42 world.txt
[root@localhost ~]# ls -ld /tmp/rsync/
drwxrwxrwx 2 root root 35 Dec 7 08:44 /tmp/rsync/
可以尝试调整 /tmp/rsync/ 的属主或权限(例如让该目录属于 nobody),使 nobody 能够修改它
将 A 的 /etc/rsyncd.conf 还原(uid、gid 改回 root)
B
[root@centos11233 ~]# rsync -avP /tmp/test/ --port=8730 192.168.9.134::test/
sending incremental file list
./
sent 68 bytes received 17 bytes 170.00 bytes/sec
total size is 1432 speedup is 16.85
A
[root@localhost ~]# ls -l /tmp/rsync/
total 4
-rw-r--r-- 1 root root 1432 Dec 5 09:43 12.txt
-rw-r--r-- 1 root root 0 Dec 7 04:42 world.txt
A
[root@localhost ~]# vi /etc/rsyncd.conf
# Global parameters (before the first [module]) apply to the whole daemon.
# Non-default port (rsync's default is 873); clients must pass --port.
port=8730
log file=/var/log/rsync.log
# NOTE(review): "rysncd" looks like a typo for "rsyncd"; the path is used as written.
pid file=/var/run/rysncd.pid
# Bind to this single address instead of every interface.
address=192.168.9.134
# Module "test", served from /tmp/rsync.
[test]
path=/tmp/rsync
# No chroot into `path`: symlinks inside the module that point outside it can
# reach files beyond the module. NOTE(review): prefer use chroot=true.
use chroot=false
max connections=4
# Uploads are allowed.
read only=no
# Module name is hidden from the module listing (not an access control).
list=false
# Transfers run as root. NOTE(review): with uploads enabled and no chroot,
# an unprivileged uid/gid would limit what an authenticated client can touch.
uid=root
gid=root
# Password authentication enabled: clients must connect as "test".
auth users=test
# "user:password" pairs in plaintext; rsync refuses to use the file if other
# users can access it, hence the chmod 600 in the transcript.
secrets file=/etc/rsyncd.passwd
# Only this client address may connect, in addition to the password check.
hosts allow=192.168.9.233
取消 /etc/rsyncd.conf 中 auth users 和 secrets file 这两行的注释
[root@localhost ~]# vi /etc/rsyncd.passwd
test:111
[root@localhost ~]# chmod 600 !$
chmod 600 /etc/rsyncd.passwd
[root@localhost ~]# rm -rf /tmp/rsync/*
B
[root@centos11233 ~]# rsync -avP /tmp/test/ --port=8730 test@192.168.9.134::test/
Password:
sending incremental file list
./
12.txt
1432 100% 0.00kB/s 0:00:00 (xfer#1, to-check=1/3)
world.txt
0 100% 0.00kB/s 0:00:00 (xfer#2, to-check=0/3)
sent 1576 bytes received 49 bytes 650.00 bytes/sec
total size is 1432 speedup is 0.88
为了避免每次备份时都要手动输入密码造成的麻烦,可以在客户端上设置一份密码文件
A
[root@localhost ~]# rm -rf /tmp/rsync/*
B
[root@centos11233 ~]# vi /etc/rsync_pass.txt
111
[root@centos11233 ~]# chmod 600 /etc/rsync_pass.txt
[root@centos11233 ~]# rsync -avP /tmp/test/ --port=8730 --password-file=/etc/rsync_pass.txt test@192.168.9.134::test/
sending incremental file list
./
12.txt
1432 100% 0.00kB/s 0:00:00 (xfer#1, to-check=1/3)
world.txt
0 100% 0.00kB/s 0:00:00 (xfer#2, to-check=0/3)
sent 1576 bytes received 49 bytes 3250.00 bytes/sec
total size is 1432 speedup is 0.88
[root@centos11233 ~]# rsync -avP /tmp/test/ --port=8730 --password-file=/etc/rsync_pass.txt test@192.168.9.134::test/
ERROR: password file must not be other-accessible
rsync error: syntax or usage error (code 1) at authenticate.c(175) [sender=3.0.9]
密码文件不能被其他用户访问:如果没有把权限设置为 600,rsync 会拒绝使用该密码文件