Configure rsync as a daemon
Environment
Red Hat Enterprise Linux
Issue
The rsync utility normally runs over ssh when syncing files between a local client and a remote host. However, it can also run as a daemon if you don't want to use the ssh protocol. Because the data is not encrypted in daemon mode, make sure this is only done on trusted networks, or consider encrypting the transfer through something like stunnel.
Resolution
Server Configuration
Create an rsync user without a login shell. For example:
useradd -s /sbin/nologin rsync_user
Create the shared rsync directory and assign the correct permissions
mkdir /rsync_files
chown -R rsync_user:rsync_user /rsync_files
Create and edit the /etc/rsyncd.conf file
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
[rsync_files]
path = /rsync_files
comment = All rsync'd files are located here
read only = false
list = yes
auth users = rsync_user
gid = rsync_user
uid = rsync_user
strict modes = false
secrets file = /etc/rsyncd.scrt
[rsync_files] is just the name of the rsync module you are creating.
The path is the location of your shared rsync directory.
The auth users value is the name of your rsync user.
The secrets file is the location of the file that holds the rsync user's password.
The gid and uid are set to the name of your rsync user. This ensures the synced files keep the ownership of the rsync user.
Create and edit the /etc/rsyncd.scrt file. This file should only contain the username and password of the rsync user. This user does not have a login shell, so the password is only configured via this file.
echo "rsync_user:redhat" > /etc/rsyncd.scrt
Set the correct permissions.
chmod 600 /etc/rsyncd.scrt
Make sure you use a more secure password than redhat.
The rsync daemon listens on port 873. Configure the firewall to allow rsync traffic.
firewall-cmd --add-port=873/tcp --permanent
firewall-cmd --reload
Start the rsync daemon
rsync --daemon
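A quick audit of the server-side settings configured above, as an added example that is not part of the original article. It flags modules with no auth users, writable modules with no hosts allow restriction, strict modes = false (which turns off rsync's permission check on the secrets file), and a secrets file that group or other can access. The finding names, the [public] module and the temporary paths are constructed for illustration, and GNU stat is assumed.

```sh
# Added example, not from the article. Finding names are this script's own.
audit_rsyncd_conf() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        # Module setting, falling back to the global section (module "").
        function val(m, k) { return ((m, k) in v) ? v[m, k] : v["", k] }
        function off(s) { return tolower(s) ~ /^(no|false|0)$/ }
        /^[ \t]*(#|$)/ { next }
        /^[ \t]*\[/ { m = $0; sub(/^[ \t]*\[/, "", m); sub(/\].*/, "", m)
                      m = trim(m); mods[++n] = m; next }
        (p = index($0, "=")) {
            # rsyncd.conf ignores case and whitespace in parameter names.
            k = tolower(substr($0, 1, p - 1)); gsub(/[ \t]/, "", k)
            v[m, k] = trim(substr($0, p + 1))
        }
        END {
            for (i = 1; i <= n; i++) {
                m = mods[i]
                if (val(m, "authusers") == "") print m "\tno-auth-users"
                if (off(val(m, "readonly")) && val(m, "hostsallow") == "") print m "\twritable-from-any-host"
                if (off(val(m, "strictmodes"))) print m "\tstrict-modes-off"
                if (val(m, "secretsfile") != "") print m "\tsecrets\t" val(m, "secretsfile")
            }
        }' "$1" |
    while IFS="$(printf '\t')" read -r mod code path; do
        if [ "$code" != secrets ]; then echo "$mod: $code"
        elif [ ! -f "$path" ]; then echo "$mod: secrets-file-missing"
        else
            mode=$(stat -c %a "$path")    # GNU stat, as shipped on RHEL
            case $mode in *00|0) ;; *) echo "$mod: secrets-file-mode-$mode" ;; esac
        fi
    done
}
# Constructed sample mirroring the article's module; the secrets file is a temp file.
demo() {
    d=$(mktemp -d)
    printf 'rsync_user:example\n' > "$d/rsyncd.scrt"; chmod 644 "$d/rsyncd.scrt"
    cat > "$d/rsyncd.conf" <<EOF
[rsync_files]
read only = false
auth users = rsync_user
strict modes = false
secrets file = $d/rsyncd.scrt
[public]
path = /srv/public
EOF
    audit_rsyncd_conf "$d/rsyncd.conf"; rm -rf "$d"
}
demo
```

Run it against the real file with audit_rsyncd_conf /etc/rsyncd.conf; no output means none of the four conditions were found.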
Client Configuration
There isn't any actual configuration on the client end. However, you will be prompted for the secrets password that was defined on the server side, and you need to specify the rsync module as well.
rsync OPTIONS USER@SERVER::MODULE
rsync -auv *.log rsync_user@192.168.1.64::rsync_files
This would copy and sync files that have been updated or added ending with the .log extension from the current directory on the client, to the remote rsync server (with the IP address shown here) using the rsync user and the module that was defined on the server. In this case the rsync user is called rsync_user and the module is named rsync_files.
You will be prompted to type in the password that was defined in the secrets file on the remote rsync server. You can either type it in each time or you can use one of these two options.
Use the RSYNC_PASSWORD environment variable
export RSYNC_PASSWORD=redhat
In this example the password defined in the secrets file was redhat.
Use the --password-file option.
Create a text file with the password defined in the secrets file, change the permissions and specify the location.
echo "redhat" > /root/secrets.scrt
chmod 500 /root/secrets.scrt
rsync -auv *.log rsync_user@192.168.1.64::rsync_files --password-file=/root/secrets.scrt