File Synchronization With Rsync - What's In A Name?
(Page 7 of 9)
Thus far, all the examples you've seen have involved so-called
anonymous access to the rsync server - any user could connect to
the host server and transfer files between the two systems.
Needless to say, this is both insecure and dangerous - it's quite
possible, for example, for someone to mistakenly sync up an empty
directory with the "--delete" option, thereby destroying files on
the destination machine.
In order to add a greater level of security, therefore, rsync comes
with a simple authentication scheme, which requires users to log in
to the rsync server with a password before performing any file
transfer operation. This authentication can be activated on a
per-module basis, and involves adding the "auth users" and "secrets
file" variables to each module in the configuration file.
The "auth users" variable tells rsync which users are authorized to
access the corresponding module on the server, while the "secrets
file" variable tells rsync which file to use for password
authentication. Here's an example:
[home]
path = /home/me
auth users = john, joe, sherry
secrets file = /home/me/rsync-users
In this case, only the users "john", "joe" and "sherry" are
permitted access to the module "home", and their passwords can be
verified against the data in the file "rsync-users". It's
important to ensure that this file is not world-readable.
This secrets file is a simple text file containing a list of
colon-separated usernames and passwords, each set on a new line.
Here's an example:
[me@olympus] $ cat rsync-users
john:john
joe:joe
sherry:g5473m
Note that these users need not necessarily be "real" users on the
system.
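An added example, not part of the original article: a shell function that audits a secrets file before "auth users" is enabled, checking its permissions, the username:password line format, passwords identical to the username (as in the sample file above), and "auth users" names that have no entry. The name audit_secrets and the finding labels are invented for this example, and it assumes plain usernames in "auth users".

```shell
#!/bin/sh
# Added example: audit an rsync secrets file against a module's "auth users".
# audit_secrets FILE "USER LIST" prints one finding per line; status 0 = clean.
audit_secrets() {
    file=$1 users=$2 findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    [ -f "$file" ] || { echo "MISSING $file"; return 1; }

    # rsyncd's default "strict modes" setting rejects a secrets file that
    # other users can access, so flag the world read and write bits.
    if [ -n "$(find -L "$file" \( -perm -004 -o -perm -002 \))" ]; then
        report "PERMS $file is accessible to other users"
    fi

    # Every non-comment line must be username:password.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
            *:*) ;;
            *) report "FORMAT line has no ':' separator"; continue ;;
        esac
        name=${line%%:*} pass=${line#*:}
        [ -n "$pass" ] || report "EMPTY password for $name"
        [ "$pass" != "$name" ] || report "WEAK password equals username for $name"
    done < "$file"

    # A name in "auth users" with no entry can never authenticate.
    for u in $(echo "$users" | tr ',' ' '); do
        awk -F: -v u="$u" '$1 == u { ok = 1 } END { exit !ok }' "$file" ||
            report "NOENTRY $u has no line in $file"
    done

    [ "$findings" -eq 0 ]
}

# Constructed sample that mirrors the article's secrets file and user list.
demo=$(mktemp -d)
printf 'john:john\njoe:joe\nsherry:g5473m\n' > "$demo/rsync-users"
chmod 644 "$demo/rsync-users"
audit_secrets "$demo/rsync-users" "john, joe, sherry" || true
rm -rf "$demo"
```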
Let's now update our configuration file to include some
authentication for the "home" module, and restart the rsync daemon
on "olympus":
[home]
path = /home/me
comment = My Home Area
list = yes
read only = no
auth users = john, joe
secrets file = /tmp/rsync-users
This time, when I attempt to connect to the rsync server from
"xanadu", look what happens:
[me@xanadu] $ rsync --progress --recursive joe@olympus::home/ .
Password: ***
It's only after entering the correct password for user "joe" that
I'm allowed access to the module. Note the manner in which the
username is specified, by prefixing it to the host name on the
command line.
Finally, you can use SSH for your rsync transfers by specifying the
path to the "ssh" binary in your rsync command line:
[me@xanadu] $ rsync --rsh=/usr/bin/ssh --progress --recursive olympus:home/ .
In this case, rsync will use SSH to perform the transaction. Note
the single colon in the destination host name - this tells rsync to
use the SSH shell instead of connecting to the rsync server
directly.
You can also use the "hosts allow" and "hosts deny" options to
restrict access to the server by host - take a look at the
documentation for details.
File Synchronization With Rsync - Mirror, Mirror, On The Wall
(Page 8 of 9)
So that's the theory. Let's now see how I applied it to my
original problem (in case you've forgotten, I needed to copy the
contents of a directory on our staging server to a corresponding
directory on our Web server).
Let's assume that the staging server is called "medusa", and the
directory to be mirrored from it on to the live server is
"/usr/local/apache/htdocs/beta". The first thing to do, obviously,
was to set up rsync as a daemon on one of the hosts - say "medusa"
- and configure it to make the "/usr/local/apache/htdocs/beta"
directory available as a module.
[web]
path = /usr/local/apache/htdocs
comment = Web Server Root
list = yes
read only = yes
Next, I needed to log in to the other end of the connection - the
live Web server - and run rsync to connect to the staging server
and get the latest build released by the development team to
"medusa".
[webmaster@domain] $ cd /www-root/
[webmaster@domain] $ rsync --compress --verbose --delete --links --recursive --perms medusa::web/beta .
In case you're wondering, the "--compress" option compresses the
data while sending it, while the "--perms" option retains the
original file permissions on the destination host.
I put the two lines above into a shell script, and set it to run on
a daily basis via cron. Since rsync only sends the delta when
performing a copy operation, my bandwidth usage was minimal...and
since the process was now largely automated, I was able to get my
social life back on track.
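An added example, not part of the original article: a guard for an unattended mirror job like the cron script above, which passes "--delete". It performs a dry run, counts the deletions rsync plans, and runs the real transfer only when that count is within a limit, which protects against the empty-source accident described earlier. The names guarded_sync and count_deletions and the choice of limit are assumptions of this example.

```shell
#!/bin/sh
# Added example: stop a --delete mirror run that would remove too many files.

# count_deletions reads "rsync --dry-run --itemize-changes" output on stdin.
# rsync prefixes every pending removal with "*deleting".
count_deletions() {
    grep -c '^\*deleting' || true   # grep exits 1 on zero matches
}

# guarded_sync LIMIT SRC DEST
# Dry run first; run the real transfer only if deletions stay within LIMIT.
guarded_sync() {
    limit=$1 src=$2 dest=$3
    opts="--compress --delete --links --recursive --perms"
    # A failed dry run (host down, auth error) aborts instead of counting 0.
    plan=$(rsync $opts --dry-run --itemize-changes "$src" "$dest") || return 2
    pending=$(printf '%s\n' "$plan" | count_deletions)
    if [ "$pending" -gt "$limit" ]; then
        echo "refusing: $pending deletions pending, limit is $limit" >&2
        return 1
    fi
    # --max-delete is a second backstop if the source changes between runs.
    rsync $opts --max-delete="$limit" "$src" "$dest"
}

# Constructed dry-run output: two pending deletions and one new file.
printf '%s\n' '*deleting   beta/old.html' '*deleting   beta/tmp.txt' \
    '>f+++++++++ beta/new.html' | count_deletions
```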
File Synchronization With Rsync - Link Out
(Page 9 of 9)
And that's about it. Over the course of this article, I introduced
you to rsync, an extremely powerful utility for file
synchronization between hosts. I showed you how to synchronize
files between directories on the same machine, and also between
different hosts on a network. I also demonstrated the process of
configuring an rsync server, with examples of both anonymous and
authenticated access, and showed you how you could perform your
file transfer within an SSH connection for greater security.
Finally, I illustrated how all this theory could be put to
practical use with examples of how rsync could be used in common
real-world situations involving file backup and mirroring.
If you'd like to read more about rsync, you should consider
bookmarking the following links:
The official rsync Website, at http://www.samba.org/rsync/
rsync documentation, at http://www.samba.org/rsync/documentation.html
Usage examples, at http://www.samba.org/rsync/examples.html,
and more rsync resources, at http://www.samba.org/rsync/resources.html
The SSH Web site, at http://www.ssh.org/
Till next time...stay healthy!
Note: All examples in this article have been tested on Linux/i586
with PHP 4.2.3. Examples are illustrative only, and are not meant
for a production environment. Melonfire provides no warranties or
support for the source code described in this article. YMMV!
Ref:
http://www.devshed.com/c/a/Administration/File-Synchronization-With-Rsync/6/
http://www.devshed.com/c/a/Administration/File-Synchronization-With-Rsync/7/
http://www.devshed.com/c/a/Administration/File-Synchronization-With-Rsync/8/