Wednesday, December 24, 2008

Rsync Passwords and other Tidbits

I like Rsync a lot, and I tend to use it a lot in daemon mode. I like to run it from Cron so that I know that every 1 to 5 minutes it backs up certain files. Using it like this can be tricky because I also want some extra security, and I don't want it to eat up all my network bandwidth when syncing remotely with servers. So today we are going to show you how to secure your Rsync with passwords and limit its bandwidth.

Let's start out with the basic config first.
This example is to rsync my pxe images directory.
#rsyncd.conf
uid = nobody
gid = nobody
use chroot = yes
max connections = 4
syslog facility = local5
pid file = /var/run/rsyncd.pid

[images]
path = /var/www/html/install/images
comment = whole linux image area (approx 6.1 GB)

Nothing special here, just a basic setup.
But let's get fancy.

Using Rsync Passwords

Here is the same config with rsync's own authentication configured.

#rsyncd.conf with auth
uid = nobody
gid = nobody
use chroot = yes
max connections = 4
syslog facility = local5
pid file = /var/run/rsyncd.pid

[images]
path = /var/www/html/install/images
comment = whole linux image area (approx 6.1 GB)
auth users = miuser nobody
secrets file = /etc/rsyncd.secrets

#rsyncd.secrets
miuser:passw0rd
nobody:passw0rd

Remember to make sure the secrets file is not world-readable, so you can rest easy.
With the default "strict modes" setting, the rsync daemon refuses to use a secrets file that other users can read.

chmod 700 /etc/rsyncd.secrets

Now let's move to the client side. We need to set up a password file so we can run this whole thing from a cron job.

#pass
passw0rd

Just like the secrets file, it needs to be non-world-readable.

chmod 700 pass

Then give it a shot

rsync -avz --password-file=./pass miuser@yourserver.yourdomain.org::images/* /tftp

There, you can add that to a cron job, put it in a wrapper script, or something else. Now only authenticated clients can access rsync targets.

Bandwidth Limiting

Another handy option is to limit the bandwidth when rsyncing, because you don't want to saturate your pipe between data centers or networks. The man page says:

--bwlimit=KBPS
This option allows you to specify a maximum transfer
rate in kilobytes per second. This option is
most effective when using rsync with large files
(several megabytes and up). Due to the nature of
rsync transfers, blocks of data are sent, then if
rsync determines the transfer was too fast, it will
wait before sending the next data block. The result
is an average transfer rate equaling the specified
limit. A value of zero specifies no limit.

This trick is very useful. Here is an example of it:

rsync -avz --bwlimit=300 --password-file=./pass miuser@yourserver.yourdomain.org::images/* /tftp
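
The post suggests putting the command in a wrapper script for cron. The following is an added example of such a wrapper, not code from the original post: it refuses to run when the password file is accessible to group or other, and skips the run when the previous one has not finished. The variable defaults, the lock directory and the `--run` argument are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper around the rsync pull from the post.
# All defaults below are assumptions; override them from the environment.
RSYNC=${RSYNC:-rsync}
PASSFILE=${PASSFILE:-/root/pass}
SRC=${SRC:-'miuser@yourserver.yourdomain.org::images/*'}
DEST=${DEST:-/tftp}
BWLIMIT=${BWLIMIT:-300}                  # KB/s, same value as in the post
LOCKDIR=${LOCKDIR:-/var/run/rsync-images.lock}

# Succeeds only if $1 is a regular file with no group/other permission bits.
perms_ok() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat; prints e.g. 600 or 700
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Runs one sync. Returns 2 if the password file fails the permission check,
# 3 if an earlier run still holds the lock, otherwise rsync's exit status.
sync_images() {
    if ! perms_ok "$PASSFILE"; then
        echo "refusing to run: $PASSFILE missing or group/other-accessible" >&2
        return 2
    fi
    # mkdir is atomic, so the directory works as a lock against overlapping
    # cron runs. A killed run leaves it behind; remove it by hand in that case.
    if ! mkdir "$LOCKDIR" 2>/dev/null; then
        echo "previous sync still running, skipping" >&2
        return 3
    fi
    "$RSYNC" -avz --bwlimit="$BWLIMIT" --password-file="$PASSFILE" "$SRC" "$DEST"
    rc=$?
    rmdir "$LOCKDIR"
    return "$rc"
}

# The cron entry calls this script with "--run" (assumed convention).
if [ "${1:-}" = "--run" ]; then
    sync_images
fi
```
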