Linux SSH 上的 rsync 仅保留 www-data 拥有的文件的所有权
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9586798/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
rsync over SSH preserve ownership only for www-data owned files
提问by jeffery_the_wind
I am using rsync to replicate a web folder structure from a local server to a remote server. Both servers are ubuntu linux. I use the following command, and it works well:
我正在使用 rsync 将 Web 文件夹结构从本地服务器复制到远程服务器。两台服务器都是ubuntu linux。我使用以下命令,它运行良好:
rsync -az /var/www/ [email protected]:/var/www/
The usernames for the local system and the remote system are different. From what I have read it may not be possible to preserve all file and folder owners and groups. That is OK, but I would like to preserve owners and groups just for the www-data user, which does exist on both servers.
本地系统和远程系统的用户名不同。根据我的阅读,可能无法保留所有文件和文件夹所有者和组。没关系,但我想为 www-data 用户保留所有者和组,这两个服务器上都存在。
Is this possible? If so, how would I go about doing that?
这可能吗?如果是这样,我将如何去做?
** EDIT **
** 编辑 **
There is some mention of rsync being able to preserve ownership and groups on remote file syncs here: http://lists.samba.org/archive/rsync/2005-August/013203.html
这里有一些提到 rsync 能够在远程文件同步上保留所有权和组:http: //lists.samba.org/archive/rsync/2005-August/013203.html
** EDIT 2 **
** 编辑 2 **
I ended up getting the desired affect thanks to many of the helpful comments and answers here. Assuming the IP of the source machine is 10.1.1.2 and the IP of the destination machine is 10.1.1.1. I can use this line from the destination machine:
多亏了这里的许多有用的评论和答案,我最终得到了想要的效果。假设源机器的IP是10.1.1.2,目的机器的IP是10.1.1.1。我可以使用目标机器上的这一行:
sudo rsync -az [email protected]:/var/www/ /var/www/
This preserves the ownership and groups of the files that have a common user name, like www-data. Note that using rsyncwithout sudodoes not preserve these permissions.
这会保留具有通用用户名(如 www-data)的文件的所有权和组。请注意,使用rsyncwithoutsudo不会保留这些权限。
采纳答案by ghoti
You can also sudo the rsync on the target host by using the --rsync-pathoption:
您还可以使用以下--rsync-path选项在目标主机上 sudo rsync :
# rsync -av --rsync-path="sudo rsync" /path/to/files user@targethost:/path
This lets you authenticate as useron targethost, but still get privileged write permission through sudo. You'll have to modify your sudoers file on the target host to avoid sudo's request for your password. man sudoersor run sudo visudofor instructions and samples.
这使您可以user在目标主机上进行身份验证,但仍然可以通过sudo. 您必须修改目标主机上的 sudoers 文件,以避免 sudo 要求您输入密码。 man sudoers或运行sudo visudo以获取说明和示例。
You mention that you'd like to retain the ownership of files owned by www-data, but not other files. If this is really true, then you may be out of luck unless you implement chownor a second run of rsyncto update permissions. There is no way to tell rsync to preserve ownership for just one user.
您提到您希望保留 www-data 拥有的文件的所有权,而不是其他文件的所有权。如果这是真的,那么除非您实施chown或第二次运行rsync以更新权限,否则您可能会走运。没有办法告诉 rsync只为一个用户保留所有权。
That said, you should read about rsync's --files-fromoption.
也就是说,您应该阅读 rsync 的--files-from选项。
rsync -av /path/to/files user@targethost:/path
find /path/to/files -user www-data -print | \
rsync -av --files-from=- --rsync-path="sudo rsync" /path/to/files user@targethost:/path
I haven't tested this, so I'm not sure exactly how piping find's output into --files-from=-will work. You'll undoubtedly need to experiment.
我还没有测试过这个,所以我不确定管道 find 的输出到底是如何--files-from=-工作的。毫无疑问,您需要进行试验。
回答by jeffery_the_wind
As far as I know, you cannot chownfiles to somebody else than you, if you are not root. So you would have to rsyncusing the www-dataaccount, as all files will be created with the specified user as owner. So you need to chownthe files afterwards.
据我所知chown,如果您不是 root,则不能将文件发送给除您之外的其他人。因此您必须rsync使用该www-data帐户,因为所有文件都将以指定的用户作为所有者创建。所以你需要chown事后处理文件。
回答by Graham
The root users for the local system and the remote system are different.
本地系统和远程系统的 root 用户是不同的。
What does this mean? The rootuser is uid 0. How are they different?
这是什么意思?在根用户的UID为0。他们如何不同?
Any user with read permission to the directories you want to copy can determine what usernames own what files. Only root can change the ownership of files being written.
任何对您要复制的目录具有读取权限的用户都可以确定哪些用户名拥有哪些文件。只有 root 可以更改正在写入的文件的所有权。
You're currently running the command on the source machine, which restricts your writes to the permissions associated with [email protected]. Instead, you can try to run the command as rooton the targetmachine. Your readaccess on the source machine isn't an issue.
您当前正在源计算机上运行该命令,这会将您的写入限制为与 [email protected] 关联的权限。相反,您可以尝试在目标机器上以 root身份运行该命令。您在源计算机上的读取权限不是问题。
So on the target machine (10.1.1.1), assuming the source is 10.1.1.2:
所以在目标机器(10.1.1.1)上,假设源是 10.1.1.2:
# rsync -az [email protected]:/var/www/ /var/www/
Make sure your groups match on both machines.
确保您的组在两台机器上匹配。
Also, set up access to [email protected] using a DSA or RSA key, so that you can avoid having passwords floating around. For example, as root on your target machine, run:
此外,使用 DSA 或 RSA 密钥设置对 [email protected] 的访问,这样您就可以避免密码四处飘散。例如,在目标机器上以 root 身份运行:
# ssh-keygen -d
Then take the contents of the file /root/.ssh/id_dsa.puband add it to ~user/.ssh/authorized_keyson the source machine. You can ssh [email protected]as root from the target machine to see if it works. If you get a password prompt, check your error log to see why the key isn't working.
然后获取文件的内容/root/.ssh/id_dsa.pub并将其添加到~user/.ssh/authorized_keys源计算机上。您可以ssh [email protected]在目标机器上以 root 身份查看它是否有效。如果您收到密码提示,请检查您的错误日志以了解密钥无效的原因。
回答by ghoti
Well, you could skip the challenges of rsync altogether, and just do this through a tar tunnel.
好吧,您可以完全跳过 rsync 的挑战,只需通过 tar 隧道即可。
sudo tar zcf - /path/to/files | \
ssh user@remotehost "cd /some/path; sudo tar zxf -"
You'll need to set up your SSH keys as Graham described.
您需要按照 Graham 的描述设置 SSH 密钥。
Note that this handles full directory copies, not incremental updates like rsync.
请注意,这会处理完整的目录副本,而不是像 rsync 那样的增量更新。
The idea here is that:
这里的想法是:
- you tar up your directory,
- instead of creating a tar file, you send the tar output to stdout,
- that stdout is piped through an SSH command to a receivingtar on the other host,
- but that receiving tar is run by sudo, so it has privileged write access to set usernames.
- 你把你的目录压缩,
- 不是创建 tar 文件,而是将 tar 输出发送到 stdout,
- 该标准输出通过 SSH 命令通过管道传输到另一台主机上的接收tar,
- 但是接收 tar 是由 sudo 运行的,因此它具有设置用户名的特权写入权限。
回答by user2485267
I had a similar problem and cheated the rsync command,
我遇到了类似的问题并欺骗了 rsync 命令,
rsync -avz --delete [email protected]:/home//domains/site/public_html/ /home/domains2/public_html && chown -R wwwusr:wwwgrp /home/domains2/public_html/
rsync -avz --delete root@xxxx:/home//domains/site/public_html/ /home/domains2/public_html && chown -R wwwusr:wwwgrp /home/domains2/public_html/
the && runs the chown against the folder when the rsync completes successfully (1x '&' would run the chown regardless of the rsync completion status)
&& 在 rsync 成功完成时针对文件夹运行 chown(无论 rsync 完成状态如何,1x '&' 都会运行 chown)
回答by chebaby
rsync version 3.1.2
rsync 版本 3.1.2
I mostly use windows in local, so this is the command line i use to sync files with the server (debian) :
我主要在本地使用 windows,所以这是我用来与服务器(debian)同步文件的命令行:
user@user-PC /cygdrive/c/wamp64/www/projects
$ rsync -rptgoDvhP --chown=www-data:www-data --exclude=.env --exclude=vendor --exclude=node_modules --exclude=.git --exclude=tests --exclude=.phpintel --exclude=storage ./website/ username@hostname:/var/www/html/website
