SOLVED Where to store persistent rsync authentication credentials?

[oRAirwolf]

I am trying to setup rsync between my FreeNAS machine and a backup server I purchased, which is a TerraMaster F4-220. It is basically a knock off of a QNAP/Synology machine, only much crappier (and cheap at $189 on Newegg Flash). It has an rsync daemon, but it can only be configured with a username and password. There are very few configuration options in the interface and you have no option but use credentials. I tried editing the rsyncd.conf file on the F4-220, but it overwrites the file on every reboot. It also deletes my SSH keys on every reboot. So I think my best option is to do an rsync push from FreeNAS with a secrets file. As far as I am aware, it is possible to create a secrets file that you can reference in your rsync command to authenticate. Since FreeNAS does not offer the option to input credentials when using rsync (not rsync over SSH) natively via the GUI, I assume I can do this via the extra command box at the bottom. The problem I am running into is that I cannot make the secrets file persistent. I tried storing the password file on my primary share, but when I try and run rsync with the password file, I get the following:

root@epsilonshrike:~ # rsync -avp --password-file=/mnt/RAIDZ1Pool/RAIDZ1Pool/rsyncpassword /mnt/RAIDZ1Pool/RAIDZ1Pool/test airwolf@10.10.0.29::freenasbackup/RAIDZ1Pool
ERROR: password file must not be other-accessible
rsync error: syntax or usage error (code 1) at authenticate.c(196) [sender=3.1.2]

So I tried to chown and chmod it, but I get an error:

root@epsilonshrike:~ # chown root /mnt/RAIDZ1Pool/RAIDZ1Pool/rsyncpassword

root@epsilonshrike:~ # ls -lA /mnt/RAIDZ1Pool/RAIDZ1Pool/rsyncpassword
-rwxrwxr-x+ 1 root wheel 22 Nov 21 01:42 /mnt/RAIDZ1Pool/RAIDZ1Pool/rsyncpassword

root@epsilonshrike:~ # chmod 600 /mnt/RAIDZ1Pool/RAIDZ1Pool/rsyncpassword
chmod: /mnt/RAIDZ1Pool/RAIDZ1Pool/rsyncpassword: Operation not permitted

Is there a place I can store this file that will be persistent across reboots and will also let me change the permissions so it is not other-accessible?

 

[Ericloewe]

You'll want a separate dataset with Unix permissions (aclmode=discard) for this sort of thing (other utilities also make sense here) instead of Windows permissions (aclmode=restricted), to make things easier. Otherwise, you can use a Windows client (if it's a share) or setfacl to set the correct permissions.

 

[oRAirwolf]

You'll want a separate dataset with Unix permissions (aclmode=discard) for this sort of thing (other utilities also make sense here) instead of Windows permissions (aclmode=restricted), to make things easier. Otherwise, you can use a Windows client (if it's a share) or setfacl to set the correct permissions.

Thank you very much! I was able to create a new dataset with Unix permissions and got rsync working with password authentication.