Rsync server setup on RHEL, SL and CentOS. I did not test on other Linux distributions; in principle, they should be the same or similar.
Rsync is a fast and extraordinarily versatile file copying tool. It can copy locally, to/from another host over any remote shell, or to/from a remote rsync daemon.
It offers a large number of options that control every aspect of its behavior and permit very flexible specification of the set of files to be copied. It is famous for its delta-transfer algorithm, which reduces the amount of data sent over the network by sending only the differences between the source files and the existing files in the destination.
Rsync is widely used for backups and mirroring and as an improved copy command for everyday use.
By default, rsyncd listens on port 873 for incoming connections from other computers using rsync.
Note: the rsync daemon is not recommended for transferring files across unsecured networks, such as the Internet, because the actual data transfer is not encrypted. Use it to keep information synchronized between different computers on internal networks, and to perform backups.
There are basically two different approaches to running rsync as a daemon: one is to launch the program with the --daemon parameter, and the other is to have inetd or xinetd launch rsync and run it like the other services that inetd and xinetd handle.
In either case, we must configure the file /etc/rsyncd.conf. We start with a simple one, with the minimum module parameters.
The rsyncd.conf file is the runtime configuration file for rsync when run as an rsync daemon.
The rsyncd.conf file controls authentication, access, logging and available modules.
Example of rsyncd.conf
# cat /etc/rsyncd.conf
log file = /var/log/rsync.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
[backup]
path = /home/backups
comment = backup files
read only = yes
hosts allow = 192.168.1.1, 192.168.1.2
hosts deny = *
list = true
# rsync --daemon
# netstat -putan | grep 873
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 28661/xinetd
You can also check /var/log/rsync.log, where you should see a message like the one below:
rsyncd version 3.0.6 starting, listening on port 873
backup backup files
For more examples of rsync usage, see rsync examples.
To stop the rsync server
Use TCP Wrapper
This is done via xinetd. The xinetd (Extended Internet Services Daemon) service is a TCP-wrapped super service which controls access to a subset of popular network services, including ftp, IMAP, rsh, rlogin, rsync and Telnet. See xinetd and TCP wrapper.
Note: xinetd uses TCP wrappers, so you may find that rsync --daemon works but rsync via xinetd does not.
Step 1: Enable rsync service in xinetd
# cat /etc/xinetd.d/rsync
service rsync
{
    disable = no
    socket_type = stream
    wait = no
    user = root
    server = /usr/bin/rsync
    server_args = --daemon
    log_on_failure += USERID
}
Then restart or reload the xinetd service.
Another way to enable rsync is:
# chkconfig rsync on
Both work, but remember that the second way only reloads xinetd, so if xinetd is stopped you have to start the xinetd service explicitly.
Step 2: Enable host and service connection
Add a rule like the one below to /etc/hosts.allow:
rsync : 192.168.1.0/255.255.255.0
The following is the sequence of events followed by xinetd when a client requests a connection:
First: The xinetd daemon accesses the TCP Wrappers hosts access rules using a libwrap.a library call (files /etc/hosts.allow and /etc/hosts.deny). If a deny rule matches the client, the connection is dropped. If an allow rule matches the client, the connection is passed to xinetd.
Then: The xinetd daemon checks its own access control rules both for the xinetd service and the requested service. If a deny rule matches the client, the connection is dropped. Otherwise, xinetd starts an instance of the requested service and passes control of the connection to that service.
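The TCP Wrappers stage of this sequence can be modelled in a few lines. The sketch below is an added example, not code from the original page or from xinetd; it follows the hosts_access(5) order (hosts.allow first, then hosts.deny, access granted when nothing matches) and shows that the Step 2 rule on its own does not block other networks. The hosts.deny rule and the client addresses are constructed, and only ALL, exact IPv4 and net/mask patterns are handled.

```python
import ipaddress

def rule_matches(rule, daemon, client_ip):
    """Match one 'daemon_list : client_list' line (IPv4 subset of hosts_access)."""
    fields = rule.split(":")
    daemons = fields[0].replace(",", " ").split()
    if "ALL" not in daemons and daemon not in daemons:
        return False
    ip = ipaddress.ip_address(client_ip)
    for pattern in fields[1].replace(",", " ").split():
        if pattern == "ALL":
            return True
        if "/" in pattern:  # net/mask form, as in the page's rule
            if ip in ipaddress.ip_network(pattern, strict=False):
                return True
        elif pattern == client_ip:
            return True
    return False

def wrappers_decision(allow_rules, deny_rules, daemon, client_ip):
    """hosts.allow is consulted first, then hosts.deny; no match means granted."""
    if any(rule_matches(r, daemon, client_ip) for r in allow_rules):
        return "granted by hosts.allow"
    if any(rule_matches(r, daemon, client_ip) for r in deny_rules):
        return "denied by hosts.deny"
    return "granted by default"

# The page's hosts.allow rule; the hosts.deny rule is constructed for this example.
HOSTS_ALLOW = ["rsync : 192.168.1.0/255.255.255.0"]
HOSTS_DENY = ["rsync : ALL"]

if __name__ == "__main__":
    for client in ("192.168.1.7", "10.0.0.5"):  # constructed client addresses
        print(client, "| empty hosts.deny:",
              wrappers_decision(HOSTS_ALLOW, [], "rsync", client))
        print(client, "| with hosts.deny:",
              wrappers_decision(HOSTS_ALLOW, HOSTS_DENY, "rsync", client))
```

With an empty hosts.deny, the only remaining host restriction is the hosts allow / hosts deny pair inside rsyncd.conf.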
Step 3: Verify rsyncd.conf
As in daemon mode, the file is /etc/rsyncd.conf
[backup]
path = /home/backups
comment = backup files
uid = root
gid = root
read only = no
list = true
auth users = rsyncclient,backup
secrets file = /etc/rsyncd.secrets
hosts allow = 192.168.1.1,192.168.1.2
Note: green color parameters are optional
Step 4: Secrets file (optional)
Here is what the secrets file looks like. Remember to change the permissions of this file so that it can't be read or modified by other users; rsync will fail if the permissions of this file are not set appropriately:
# chmod 600 /etc/rsyncd.secrets
Step 5: specific port
Furthermore, unlike inetd, xinetd doesn't need an entry in /etc/services; it can handle the port/protocol by itself. If rsync is defined in /etc/services, the port and protocol lines can be omitted. So, if you want to specify the rsync port, changing /etc/xinetd.d/rsync is enough.
More secure, more detail
At the beginning, we showed /etc/rsyncd.conf. There are basically two sections in the file: the global parameters and the modules section.
The global parameters define the overall behavior of rsync.
lock file is the file that rsync uses to handle the maximum number of connections.
log file is where rsync saves information about its activity: when it started running, when and from where other computers connect, and any errors it encounters.
pid file is where the rsync daemon writes the process id that has been assigned to it; this is useful because we can use this process id to stop the daemon.
After the global parameters comes the modules section. Every module is a folder that we share with rsync; the important parts here are:
[name] is the name that we assign to the module. Each module exports a directory tree. The module name cannot contain slashes or a closing square bracket.
[path] is the path of the folder that we are making available with rsync.
[comment] is a comment that appears next to the module name when a client obtains the list of all available modules.
[uid] When the rsync daemon is run as root, we can specify which user owns the files that are transferred from and to the module.
[gid] This allows us to set the group that owns the files that are transferred if the daemon is run as root.
[read only] determines whether the clients who connect to rsync can upload files or not; the default of this parameter is true for all modules.
[list] allows the module to be listed when clients ask for a list of available modules; setting this to false hides the module from the listing.
[auth users] is a list of users allowed to access the content of this module; the users are separated by commas. The users don't need to exist in the system; they are defined by the secrets file.
[secrets file] defines the file that contains the usernames and passwords of the valid users.
[hosts allow] are the addresses allowed to connect to the system. Without this parameter all hosts are allowed to connect.
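A small audit of these module parameters, together with the Step 4 permission check on the secrets file, can be scripted. This is an added example and not part of the original page or of rsync itself; the sample configuration is constructed (the Step 3 module without its optional auth lines, plus a hypothetical module named mirror), and the function names are illustrative.

```python
import os
import stat

# Constructed sample: Step 3 module minus its optional auth lines, plus a hypothetical [mirror].
SAMPLE_CONF = """\
log file = /var/log/rsync.log
[backup]
path = /home/backups
uid = root
read only = no
hosts allow = 192.168.1.1,192.168.1.2
[mirror]
path = /srv/mirror
"""

def parse_rsyncd_conf(text):
    """Return {module: params}; parameters set before any module are defaults."""
    defaults, modules, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), dict(defaults))
        elif "=" in line:
            name, value = line.split("=", 1)
            key = "".join(name.split()).lower()  # whitespace in names is irrelevant
            (defaults if current is None else current)[key] = value.strip()
    return modules

def audit_modules(modules):
    """Flag module settings that widen access, using the parameters described above."""
    findings = []
    for name, p in modules.items():
        writable = p.get("readonly", "yes").lower() in ("no", "false", "0")
        if "hostsallow" not in p and "hostsdeny" not in p:
            findings.append((name, "no host restriction"))
        if writable and not p.get("authusers"):
            findings.append((name, "writable without auth users"))
        if writable and p.get("uid") in ("root", "0"):
            findings.append((name, "writable as root"))
    return findings

def secrets_file_is_private(path):
    """True when group and others have no access, as after chmod 600."""
    return (stat.S_IMODE(os.stat(path).st_mode) & 0o077) == 0

if __name__ == "__main__":
    for module, issue in audit_modules(parse_rsyncd_conf(SAMPLE_CONF)):
        print(f"[{module}] {issue}")
```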