Login/Register
Running rsync as root: Operations Not Permitted
Asked Answered
Solved macosbashscriptingpermissionsbackup
I

2

19

World!

I have a backup script that would run rsync for every user and will archive their /User/user folder onto our shared drive. Running into an interesting problem with rsync: when executing the script as "sudo" from the shell as the current user I'm unable to preserve the permissions of other users. It will error out and say: rsync: chown <path> - operations not permitted(1)

Do I have to chown every user's folder as root before executing the command? The command in being used and in question:

/usr/bin/rsync -av --human-readable --progress /Users/$name/ --exclude=".*" --exclude="Public" /Backup/$name\ -\ $(date +%m-%d-%y)  --exclude=".*/"

Thank you!

Incorporation answered 5/6, 2015 at 16:20 Comment(4)
"Do I have to chown every user's folder as root" Hey, don't do that, your users will kill you.Myogenic
@Myogenic You have a good point there...Incorporation
What exactly is this "shared drive"? What happens if you try to sudo chown a file on it "by hand"?Prosopopoeia
@Gordon Shared drive as in our mounted network volume drive. It's where we archive and backup our data to.Incorporation
P
30

It's because the target is on a mounted network volume. You're running rsync as root, but that only gives you permissions to change ownership on the local (client) computer -- as far as the file server is concerned, you're whatever user authenticated to it, i.e. not root (unless you're using NFS, in which case it's more complicated). Since you're authenticated to the server as a normal user, all files you create on the server will be owned by that normal user, and you won't have permissions to change that.

I see two possible solutions:

  • Don't try to set ownership on the server. Use rsync -rltgoDv ... instead of rsync -av .... -a is equivalent to -rlptgoD; leaving off the -p means it won't try to set ownership on the target files, it'll just store them all as the current (authenticated to server) user.

  • If you really need to preserve ownership (and your local accounts are the same as those on the server), run rsync over SSH instead of file sharing, and SSH into the server as root. Something like rsync -av ... root@server:/Backup/$name\ -\ $(date +%m-%d-%y) ...

    Note that allowing root SSH into a server is generally a bad idea. If you want to do it this way, I'd create an SSH public/private key pair (with an encrypted private key), use that for authentication, and configure the server to reject password-based SSH authentication (at least for root).

Prosopopoeia answered 8/6, 2015 at 19:17 Comment(6)
Perfect. Thank you for your quick response. It's probably best I use the correct rysnc arguments and flags to store the files as the current user and you did exactly that.Incorporation
Brilliant and profound answer, thank you Gordon! Rsync over SSh was an easy fix. I performed a "local" rsync over AFP first and then a complementary rsync over SSH for the missing files which only took a short while.Ravelment
According to the man, you should also be able to do -av --no-perms.Humber
As @Humber suggested and also per the man pages, it seems preferable to use the -a flag and specify which options to leave out, rather than translate the -a flag to those options. So in this case, you could use rsync -avh --no-perms --no-group --no-owner. This way you also wouldn't need to run rsync as root.Tol
is there any way of doing this with docker, since I am storing my data on remote drive.Beatrisbeatrisa
@Aqua4 I'm not particularly familiar with Docker, but I don't know of a reason it'd be very different from a physical machine.Prosopopoeia
P
2

I got permission error while using Ansible script.

These options work for me: --no-o --no-g --no-perms

- name: Copying code
  ansible.posix.synchronize:
    src: ../../../
    dest: "{{ project_path }}"
    times: no
    recursive: yes
    rsync_opts:
    - "--no-o"
    - "--no-g"
    - "--no-perms"
    - "--exclude=node_modules"
    - "--exclude=infra"
    - "--exclude=.git"
    - "--exclude=package-lock.json"
Piecedyed answered 5/4 at 13:32 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.