如何更改 rsync 的所有者 [英] How to change the owner for a rsync
问题描述
我了解保留 rsync 的权限.但是,在我的情况下,我的本地计算机没有网络服务器所需的文件的用户.因此,当我 rsync 时,我需要所有者和组在网络服务器上是 apache,但在我的本地计算机上是我的用户名.有什么建议吗?
I understand preserving the permissions for rsync. However in my case my local computer does not have the user the files need to under for the webserver. So when I rsync I need the owner and group to be apache on the webserver, but be my username on my local computer. Any suggestions?
我想澄清一下我需要做什么.
I wanted to clarify to explain exactly what I need done.
我的个人电脑:名为home",用户帐户为michael"我的 Web 服务器:名为server",用户帐户为remote",用户帐户为apache"
My personal computer: named 'home' with the user account 'michael' My web server: named 'server' with the user account 'remote' and user account 'apache'
当前情况:我的网站在home"上,所有者为michael",在server"上,所有者为apache".home"需要使用用户michael",server"需要使用用户apache"
Current situation: My website is on 'home' with the owner 'michael' and on 'server' with the owner 'apache'. 'home' needs to be using the user 'michael' and 'server' needs to be using the user 'apache'
任务:将我在家"上的网站同步到服务器",但所有文件的所有者都归apache"和apache"组
Task: rsync my website on 'home' to 'server' but have all the files owner by 'apache' and the group 'apache'
问题:rsync 会保留权限、所有者和组;但是,我需要所有文件都由 apache 拥有.我知道不保留所有者会将用户的所有者放在服务器"上,但由于该用户是远程",因此它使用它而不是apache".我无法与用户 'apache' 进行 rsync(这会很好),但是我不愿意公开的安全风险.
Problem: rsync will preseve the permissions, owner, and group; however, I need all the files to be owner by apache. I know the not preserving the owner will put the owner of the user on 'server' but since that user is 'remote' then it uses that instead of 'apache'. I can not rsync with the user 'apache' (which would be nice), but a security risk I'm not willing to open up.
关于如何解决我唯一的想法:在每次 rsync 手动 chown -R 和 chgrp -R 之后,但它是一个庞大的系统,这需要很长时间,尤其是因为它要投入生产.
My only idea on how to solve: after each rsync manually chown -R and chgrp -R, but it's a huge system and this takes a long time, especially since this is going to production.
有人知道怎么做吗?
我用于 rsync 的当前命令:rsync --progress -rltpDzC --force --delete -e "ssh -p22";./remote@server.com:/website
Current command I use to rsync: rsync --progress -rltpDzC --force --delete -e "ssh -p22" ./ remote@server.com:/website
推荐答案
你可以在接收机器上组合一些技巧来获得所有权——从 cron 运行 'chmod -R apache/website' 将是一个有效但相当笨拙的选项——但相反,我建议安全允许 rsync-over-ssh-as-apache.
There are hacks you could put together on the receiving machine to get the ownership right -- run 'chmod -R apache /website' out of cron would be an effective but pretty kludgey option -- but instead, I'd recommend securely allowing rsync-over-ssh-as-apache.
您需要为此创建一个专用的 ssh 密钥对:
You'd create a dedicated ssh keypair for this:
ssh-keygen -f ~/.ssh/apache-rsync
然后将 ~/.ssh/apache-rsync.pub 带到网络服务器,在那里你将它放入 ~apache/.ssh/authorized_keys 并仔细指定允许的命令,一些东西像这样,全部在一行上:
and then take ~/.ssh/apache-rsync.pub over to the webserver, where you'd put it into ~apache/.ssh/authorized_keys and carefully specify the allowed command, something like so, all on one line:
command="rsync --server -vlogDtprCz --delete . /website",from="IP.ADDR.OF.SENDER",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAABKEYPUBTEXTsVX9NjIK59wJ+fjDgTQtGwhATsfidQbO6u77dbAjTUmWCZjKAQ/fEFWZGSlqcO2yXXXXXXXXXXVd9DSS1tjE6vAQaRdnMXBggtn4M9rnePD2qlR5QOAUUwhyFPhm6U4VFhRoa3wLvoqCVtCV0cuirB6I45On96OPijOwvAuz3KIE3+W9offomzHsljUMXXXXXXXXXXMoYLywMG/GPrZ8supIDYk57waTQWymUyRohoQqFGMzuDNbq+U0JSRlvLFoVUZ5Piz+gKJwwiFwwAW2iNag/c4Mrb/BVDQAyEQ== comment@email.address
然后您在家"机器上的 rsync 命令将类似于
and then your rsync command on your "home" machine would be something like
rsync -av --delete -e 'ssh -i ~/.ssh/apache-rsync apache@server' ./ /website
还有其他方法可以给这只猫剥皮,但在我看来,这是最清晰且涉及最少变通方法的方法.它可以防止将 shell 作为 apache,这是最大的安全问题,natch.如果您真的坚决反对允许 ssh 作为 apache,还有其他方法……但我就是这样做的.
There are other ways to skin this cat, but this is the clearest and involves the fewest workarounds, to my mind. It prevents getting a shell as apache, which is the biggest security concern, natch. If you're really deadset against allowing ssh as apache, there are other ways ... but this is how I've done it.
此处参考:http://ramblings.narrabilis.com/using-rsync-with-ssh, http://www.sakana.fr/blog/2008/05/07/securing-automated-rsync-over-ssh/
这篇关于如何更改 rsync 的所有者的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
