How to set client-side rsync password permissions ?

5 posts / 0 new
Last post
Mike.McCarty
Offline
Last seen: 3 years 3 months ago
Joined: 10.04.2012 - 21:55
How to set client-side rsync password permissions ?

Environment:

Windows 7 x64 Enterprise

CWRsync rsync.exe 3.0.9

We use the latest builds of cwRsync to push files from a client to a remote server. We password-protect the operation using a client-side password file, that is passed to rsync.exe using the --password-file= option. However, rsync.exe complains that the password file permissions are incorrect:

 ERROR: password file must not be other-accessible

No matter what I do, using cacls.exe or the rsync-supplied chmod.exe, I cannot seem to get the permissions right to avoid this error. Please provide guidance for setting the correct permissions on this file to avoid this error.

Thank you

Mike McCarty

michael.mccarty@bentley.com

 

itefix
Online
Last seen: 9 min 36 sec ago
Joined: 01.05.2008 - 21:33
This is one of the rsync

This is one of the rsync features that doesn't work on Windows: Rsync uses Unix-like permissions to check if the file is accessible by everyone. As a workaround, you can pipe your password file into rsync:

 

rsync ........ < passwd-file

 

Hope it helps.

Mike.McCarty
Offline
Last seen: 3 years 3 months ago
Joined: 10.04.2012 - 21:55
Thank you for the response. I

Thank you for the response.

I suppose I can try this workaround, but I'm not confident it will work for my purposes - I'm using rsync in a set of automated batch jobs that already do strange things with redirecting input and output.

As it appears I am not the first person to run into this issue, could I inquire as to whether there will ever be a way to suppress this check in Windows builds of the cwRsync product ? Perhaps a command line switch, or that bit of code could be wrapped in some #ifdefs to conditionally compile it out ?

Thank you.

Mike

itefix
Online
Last seen: 9 min 36 sec ago
Joined: 01.05.2008 - 21:33
I have now compiled rsync

I have now compiled rsync with an unofficial patch removing strict checking of password file at the client side:

 

--- authenticate.c    2011-09-10 22:38:17.000000000 +0200
+++ authenticate.1.c    2012-06-04 22:57:47.723513000 +0200
@@ -170,14 +170,6 @@
         rsyserr(FERROR, errno, "stat(%s)", filename);
         exit_cleanup(RERR_SYNTAX);
     }
-    if ((st.st_mode & 06) != 0) {
-        rprintf(FERROR, "ERROR: password file must not be other-accessible\n");
-        exit_cleanup(RERR_SYNTAX);
-    }
-    if (MY_UID() == 0 && st.st_uid != 0) {
-        rprintf(FERROR, "ERROR: password file must be owned by root when running as root\n");
-        exit_cleanup(RERR_SYNTAX);
-    }
 
     n = read(fd, buffer, sizeof buffer - 1);
     close(fd);

 

Patched version is available via support downloads page.

Jason Chodakowski (not verified)
Use the cygwin included bash

Use the cygwin included bash in order to get windows out of the way:

c:\cygwin\bin\bash -c '/cygdrive/c/cygwin/bin/rsync -avz --password-file=/cygdrive/c/cygwin/secret /something/ rsync://somewhere/node'