simple rsync setup

[hakayova]

Hi all,

In my older Synology NAS I set up rsyncd as follows: rsyncd would run as a service and my computers on the LAN would each have a cronjob to push the changes to the NAS daily. One would think that this would be a simple task to switch to TrueNAS, which doesn't appear to be.

First of all, there is no /etc/rsyncd.conf file in TrueNAS, instead, one can add modules to the system via GUI, which is fine. I added the module with the exact settings that currently works with Synology, but keep getting "Operation not permitted" "failed to set permissions" errors. The owner of the module (rsync_user) has full access to the share and the remote computer is accessing TrueNAS via this username via a password file. I also tried removing the password file option and ran the following command on the remote computer:

Code:

rsync -avzz -i /video/Personal rsync://rsync_user@myTrueNAS/media

which is supposed to prompt me for a password according to rsync documents. However, I do not get a password prompt and get the same permission errors I get with the password file option as stated above.

Here is a snippet of the /usr/local/etc/rsyncd.conf

Code:

... (snipped)
[media]
        path = /mnt/pool0/backups
        max connections = 0
        uid = rsync_user
        gid = wheel
        comment = personal videos
        read only = false
        write only = false
        list = yes
        charset = utf-8

How do a get the rsync daemon on TrueNAS prompt me for a password and/or accept it from the password file, which I believe must be the underlying reason for the permission errors? What am I missing? Any guidance will be greatly appreciated.

 

[hakayova]

Since posting this, i figured that the rsyncd.conf exists at /usr/local/etc/rsync/ but manually configuring it may not be as reliable as configuring it via GUI. Pretty much all GUI choices seem to reflect to the rsyncd.conf file as intended too. However, I still cannot get the rsync daemon in TrueNAS core prompt me for a password when I try to connect to it via an rsync://URL link.

I recently repaired the smb server in TrueNAS 12U1.1 thanks to @anodos . Before this update, I was encountering several issues with it all of which disappeared after the update. Is rsyncd also broken in TrueNAS Core? Would someone please try what I am trying to achieve and report back whether or not they succeeded?

Thanks for considering.

 

[anodos]

Synology lacks support for our native nfsv4 ACLs. try --no-perm as an option.

 

[hakayova]

Thank you again @anodos. You seem to have all the answers I need . It is slightly concerning that I can copy files to this share without the privileged user's credentials but it does work for sure. I also would like to clarify that I am pushing files by rsync from my fully updated linux workstation (not Synology) to TrueNAS core, and this still requires --no-perms option to work, and without password prompt for the privileged user.

 

[winnielinnie]

It is slightly concerning that I can copy files to this share without the privileged user's credentials but it does work for sure.

I found that to be strange, as well. Rsync in daemon mode seems to utilize a primitive form of authentication (unlike rsync over SSH).


From my understanding, selecting the UID and GID tells rsync which user/group (on the server) to run the command as. The selection of UID and GID does nothing for authentication. I, too, noticed that anyone who is familiar with the module name can run their own rsync transfers, essentially screwing up everything on the destination. In order to place some sort of minimal authentication, I had to do the following:


Create a file named .secrets on the server, preferably in the user's home folder. Write inside the following, with the format of user:password:
martian:MyPassWord1234

The username (martian) and password (MyPassWord1234) can be anything. They are not connected to any real user account on the server.


Go to Services > Rsync > Edit > Modules > locate module > Edit > and add this under "Auxillary Parameters". Point it to the file you just created earlier.:
auth users = martian secrets file = /mnt/mainpool/homes/rsync_user/.secrets


Now over on the client PC, you create a new file, call it .secret or .rsync_password, or anything you wish; preferably in a hidden file. Write in the same password as previously, but this time just the password:
MyPassWord1234


And now you can add the --password-file option to your rsync command:
rsync -avzz -i --password-file="/home/linuxuser/.secret" /video/Personal rsync://martian@myTrueNAS/media

 

[hakayova]

Thank you so much @winnielinnie for your detailed message. This is very helpful indeed.