Here are some examples of using the rsync server.
Running the Rsync service at the same time on the production server
Suppose there are 3 computers in the network
Production Server-Pandr (192.168.0.220) Backup host A-backupa (192.168.0.221) Backup host B-BACKUPB (192.168.0.222)
Configuring Rsync services on Pandr
1, edit the configuration file
# vi/etc/rsyncd/rsyncd.confuid = Nobodygid = Nobodysyslog Facility = Local3use Chroot = yesread only = Yesmax 50x15 = 4timeout = 300MOTD File =/etc/rsyncd/rsyncd.motdpid File =/var/run/rsyncd.pidlock File =/var/run/rsync.lockhosts allow= 192.168.0.221 192.168.0.222hosts deny=*secrets file =/etc/rsyncd/rsyncd.secretsauth users = bua,bublist=yes[home] uid = Root gid = root Path = FileSystem Comment = Product Server home exclude = www/samba/ftp/[www] Path =/home/www Comment = Product server www exclude = logs/
Some permissions issues are examined below:
# tree/home-p/home|--[drwx------] crq|--[drwxr-xr-x] ftp|--[drwx------] osmond|--[drwxr-xr-x] Samba '--[drwxr-xr-x] www | | [drwxr-xr-x] cgi-bin|--[drwxr-xr-x] fcgi-bin|--[drwxr-xr-x] htdocs '--[drwxr-xr-x] Logs
From the above directory permissions, each user's own directory does not have any permissions for groups and other users. When UID and GID are set to nobody, rsync clients cannot synchronize content in their own directories because they do not have access to their own directories. To do this, the [home] section sets the UID and GID to root.
Rsyncd writes the log to the/var/log/messages file by default, and the syslog facility = LOCAL3 configuration above will use the LOCAL3 log device (facility). To do this, add the following line to the/etc/syslog.conf file:
Local3.info/var/log/rsync.log
Then restart the syslog using the following command
# Service Syslog Restart
2, edit rsync service password file
# touch/etc/rsyncd/rsyncd.secrets# chmod 600/etc/rsyncd/rsyncd.secrets# Vi/etc/rsyncd/rsyncd.secretsbua: Backupa-s-passwordbub:backupb-s-password
Do not use the same password as the system user account with the same name in/etc/rsyncd/rsyncd.secrets. 3. Run rsync service with XINETD
# chkconfig rsync on# service xinetd restart
4. Configure the Firewall
Using the Iptables configuration allows the Rsync service port (default 873) to pass, while restricting the connection of the Rsync client.
For example:
&http://www.aliyun.com/zixun/aggregation/37954.html ">NBSP;
# iptables-a input-p tcp-m State--state new-m TCP--dport 873-j accept# iptables-a input-p tcp-s! 192.168.0.221--dport 873-j DROP
You can use the following command to view the added firewall rules:
# iptables-l