File Synchronization With Rsync(3)

File Synchronization With Rsync - What's In A Name?
(Page 7 of 9 )

Thus far, all the examples you've seen have involved so-called anonymous access to the rsync server - any user could connect to the host server and transfer files between the two systems. Needless to say, this is both insecure and dangerous - it's quite possible, for example, for someone to mistakenly sync up an empty directory with the "--delete" option, thereby destroying files on the destination machine.

In order to add a greater level of security, therefore, rsync comes with a simple authentication scheme, which requires users to log in to the rsync server with a password before performing any file transfer operation. This authentication can be activated on a per-module basis, and involves adding the "auth users" and "secrets file" variables to each module in the configuration file.

The "auth users" variable tells rsync which users are authorized to access the corresponding module on the server, while the "secrets file" variable tells rsync which file to use for password authentication. Here's an example:
path = /home/me
auth users = john, joe, sherry
secrets file = /home/me/rsync-users
In this case, only the users "john", "joe" and "sherry" are permitted access to the module "home", and their passwords can be verified against the data in the file "rsync-users". It's important to ensure that this file is not world-readable.

This secrets file is a simple text file containing a list of comma-separated usernames and passwords, each set on a new line. Here's an example:
[[email protected]] $ cat rsync-users
Note that these users need not necessarily be "real" users on the system.

Let's now update our configuration file to include some authentication for the "home" module, and restart the rsync daemon on "olympus":
path = /home/me comment = My Home Area list = yes read only = no auth users = john, joesecrets file = /tmp/rsync-users
This time, when I attempt to connect to the rsync server from "xanadu", look what happens:
[[email protected]] $ rsync --progress --recursive [email protected]::home/ .
Password: ***
It's only after entering the correct password for user "joe" that I'm allowed access to the module. Note the manner in which the username is specified, by prefixing it to the host name on the command line.

Finally, you can use SSH for your rsync transfers by specifying the path to the "ssh" binary in your rsync command line:
[[email protected]] $ rsync -rsh=/usr/bin/ssh --progress  --recursive

File Synchronization With Rsync - Mirror, Mirror, On The Wall
(Page 8 of 9 )

So that's the theory. Let's now see how I applied it to my original problem (in case you've forgotten, I needed to copy the contents of a directory on our staging server to a corresponding directory on our Web server).

Let's assume that the staging server is called "medusa", and the directory to be mirrored from it on to the live server is "/usr/local/apache/htdocs/beta". The first thing to do, obviously, was to set up rsync as a daemon on one of the hosts - say "medusa" - and configure it to make the "/usr/local/apache/htdocs/beta" directory available as a module.
path = /usr/local/apache/htdocs
comment = Web Server Root
list = yes
read only = yes
Next, I needed to log in to the other end of the connection - the live Web server - and run rsync to connect to the staging server and get the latest build released by the development team to "medusa".
[[email protected]] $ cd /www-root/
[[email protected]] $ rsync --compress --verbose --delete --links--recursive --perms medusa::web/beta .
In case you're wondering, the "--compress" option compresses the data while sending it, while the "--perms" option retains the original file permissions on the destination host.

I put the two lines above into a shell script, and set it to run on a daily basis via cron. Since rsync only sends the delta when performing a copy operation, my bandwidth usage was minimal...and since the process was now largely automated, I was able to get my social life back on track.
olympus:home/ . 
In this case, rsync will use SSH to perform the transaction. Note the single colon in the destination host name - this tells rsync to use the SSH shell instead of connecting to the rsync server directly.

You can also use the "hosts allow" and "hosts deny" options to restrict access to the server by host - take a look at the documentation for details.
File Synchronization With Rsync - Link Out
(Page 9 of 9 )

And that's about it. Over the course of this article, I introduced you to rsync, an extremely powerful utility for file synchronization between hosts. I showed you how to synchronize files between directories on the same machine, and also between different hosts on a network. I also demonstrated the process of configuring an rsync server, with examples of both anonymous and authenticated access, and showed you how you could perform your file transfer within an SSH connection for greater security. Finally, I illustrated how all this theory could be put to practical use with examples of how rsync could be used in common real-world situations involving file backup and mirroring.

If you'd like to read more about rsync, you should consider bookmarking the following links:

The official rsync Website, at

rsync documentation, at

Usage examples, at, and more rsync resources, at

The SSH Web site, at

Till next time...stay healthy!

Note: All examples in this article have been tested on Linux/i586 with PHP 4.2.3. Examples are illustrative only, and are not meant for a production environment. Melonfire provides no warranties or support for the source code described in this article. YMMV!


บันทึกนี้เขียนที่ GotoKnow โดย  ใน นายก๊อต:รวมแหล่งความรู้

คำสำคัญ (Tags)#network#opensource#computer#it#งานพัฒนา

หมายเลขบันทึก: 23855, เขียน: 13 Apr 2006 @ 17:29 () , แก้ไข, 07 Jun 2012 @ 17:24 (),  | , สัญญาอนุญาต: สงวนสิทธิ์ทุกประการ, อ่าน: คลิก

ความเห็น (0)