Thread: File permissions
Brought to you by:
thesun
From: John H. <jo...@dr...> - 2006-05-03 09:51:50
|
Hello I've just stumbled upon rsyncrypto, it seems to do just what I need except for one thing. I want to use rsync to backup servers but don't want to enable root ssh. It would be useful if rsyncrypto could store file ownership/permissions in the encrypted files and make the encrypted files 0600 and owned by an arbitrary user - say backup. That way I can rsync using the user 'backup' with minimal ssh privileges. The decrypt could then restore the original permissions. Perhaps this is already possible or maybe you know of a simple workaround. I've also noticed that files' executable permissions are lost in the encrypt/decrypt cycle - is this intentional? Cheers John |
From: Shachar S. <rsy...@sh...> - 2006-05-03 11:39:21
|
John Hedges wrote: >Hello > >I've just stumbled upon rsyncrypto, it seems to do just what I need >except for one thing. > >I want to use rsync to backup servers but don't want to enable root >ssh. It would be useful if rsyncrypto could store file >ownership/permissions in the encrypted files and make the encrypted >files 0600 and owned by an arbitrary user - say backup. > Storing permissions inside the encrypted files is planned, but will take a little while to implement (mostly because I got Hodgkin's disease, and will take a few months to return to full capacity work). The permissions of the encrypted files are governed, if memory serves me right, by the umask. Do whatever you like with it :-) I doubt I'll add a flag to change the ownership of the files during backup. You are free to run "chown -R" on the directory after rsyncrypto finishes. > That way I can >rsync using the user 'backup' with minimal ssh privileges. The decrypt >could then restore the original permissions. > Yes, it is also planned that the full permissions (including ownership and, at some later date, also ACL and filesystem attributes) will be restored by rsyncrypto. In fact, this feature is the only one holding me from announcing "rsyncrypto" production, as it will require changing the encrypted file structure, and I would like to do several necessary changes at once here. > Perhaps this is already >possible or maybe you know of a simple workaround. > > Aside from performing tar to stdout, and piping that to rsyncrypto, I'm afraid I know of no workaround yet :-( >I've also noticed that files' executable permissions are lost in the >encrypt/decrypt cycle - is this intentional? > > No, it's a natural byproduct of the above missing feature. >Cheers > >John > > Shachar -- Shachar Shemesh Lingnu Open Source Consulting ltd. Have you backed up today's work? http://www.lingnu.com/backup.html |
From: John H. <jo...@dr...> - 2006-05-04 09:14:06
|
Hi Sanchar > >I want to use rsync to backup servers but don't want to enable root > >ssh. It would be useful if rsyncrypto could store file > >ownership/permissions in the encrypted files and make the encrypted > >files 0600 and owned by an arbitrary user - say backup. > > > Storing permissions inside the encrypted files is planned, but will take > a little while to implement (mostly because I got Hodgkin's disease, and > will take a few months to return to full capacity work). Sorry to hear this, I imagine you are subject to some fairly horrendous treatments. Hope you get well soon. > The permissions of the encrypted files are governed, if memory serves me > right, by the umask. Do whatever you like with it :-) > > I doubt I'll add a flag to change the ownership of the files during > backup. You are free to run "chown -R" on the directory after rsyncrypto > finishes. That would be fine as long as the permissions are restored on decrypt. > > That way I can > >rsync using the user 'backup' with minimal ssh privileges. The decrypt > >could then restore the original permissions. > > > Yes, it is also planned that the full permissions (including ownership > and, at some later date, also ACL and filesystem attributes) will be > restored by rsyncrypto. In fact, this feature is the only one holding me > from announcing "rsyncrypto" production, as it will require changing the > encrypted file structure, and I would like to do several necessary > changes at once here. > > > Perhaps this is already > >possible or maybe you know of a simple workaround. > > > > > Aside from performing tar to stdout, and piping that to rsyncrypto, I'm > afraid I know of no workaround yet :-( This looks promising. Tarring whole directories before rsyncrypto would work well as long as tar is consistent with respect to the ordering of files within the archive. I'll give it a go. Cheers John |
From: Shachar S. <rsy...@sh...> - 2006-05-04 10:58:57
|
John Hedges wrote: >Hi Sanchar > > http://www.shemesh.biz/sun.html Difficult name, I know :-) > > >>mostly because I got Hodgkin's disease, and >>will take a few months to return to full capacity work). >> >> > >Sorry to hear this, I imagine you are subject to some fairly horrendous >treatments. Hope you get well soon. > > Yeah. Chemo is not my recommended past time, given a choice. Then again, it's better than the alternative (i.e. - what would happen had this not been treated). >>I doubt I'll add a flag to change the ownership of the files during >>backup. You are free to run "chown -R" on the directory after rsyncrypto >>finishes. >> >> > >That would be fine as long as the permissions are restored on decrypt. > > Permissions and ownership, once the feature is implemented of course. >>Aside from performing tar to stdout, and piping that to rsyncrypto, I'm >>afraid I know of no workaround yet :-( >> >> > >This looks promising. Tarring whole directories before rsyncrypto would >work well as long as tar is consistent with respect to the ordering of >files within the archive. I'll give it a go. > > Even if file ordering does change, both rsync and rsyncrypto are supposed to handle this fairly gracefully. >Cheers > >John > > Shachar -- Shachar Shemesh Lingnu Open Source Consulting ltd. Have you backed up today's work? http://www.lingnu.com/backup.html |
From: John H. <jo...@dr...> - 2006-05-04 11:44:15
|
On Thu, May 04, 2006 at 01:58:47PM +0300, Shachar Shemesh wrote: > John Hedges wrote: > >Hi Sanchar > http://www.shemesh.biz/sun.html > Difficult name, I know :-) Sorry Shachar - must read more carefully. > >>Aside from performing tar to stdout, and piping that to rsyncrypto, I'm > >>afraid I know of no workaround yet :-( > > > >This looks promising. Tarring whole directories before rsyncrypto would > >work well as long as tar is consistent with respect to the ordering of > >files within the archive. I'll give it a go. > > > Even if file ordering does change, both rsync and rsyncrypto are > supposed to handle this fairly gracefully. Thats good to know. I've tried quick tests on /etc and /var/log with good results. Thanks for the advice. John |