IBM i Global

IBM i Global

Connect, learn, share, and engage with IBM Power.

 View Only

  • 1.  Getting ifs file ownership and permission settings right with rsync

    Posted Wed October 02, 2024 12:27 PM

    I want to use rsync for some ifs replication/backup stuff.  I've got it running fine but for some reason when I do the rsync the file ownership and permission settings are not being synchronized.  Files come over to the new ifs directory well.  But they show to be under the ownership of the user profile logged in to the ssh session where the rsync command was run.  Use this a lot on my Linux boxes but have never run into an issue like this.  For testing I am just doing a local ifs dir to another local ifs dir with no luck.  So I know the profiles exist because they are already used on the source dir.  Just wanted to get this working before trying across boxes which is my ultimate goal.

    Has anybody else run into anything like this using rsync on an i?  

    IBM i V7R4

    rsync OSP is 3.2.3-5

    Here's the syntax for two different ways I've been rsync'ing this.

    rsync --archive --stats --verbose /sourcedir/ /targetdir/

    rsync --archive --stats --verbose --owner --group --perms /sourcedir/ /targetdir/



    ------------------------------
    Montie Southern
    ------------------------------


  • 2.  RE: Getting ifs file ownership and permission settings right with rsync

    Posted Fri October 04, 2024 12:13 PM

    Hi Montie, 

    Interesting thing you brought up here. Always good to learn something new on this platform. 

    I would expect PASE / IFS operations (in particular rsync which runs in PASE), would not much honor the IFS Object Permission attributes as it technically runs on a privileged user (needing it to allow access to do such actions so it might "throw" it away then to transfer to the system). 

    see this link : https://www.youtube.com/watch?v=fh7L3Nq6UgQ&ab_channel=Fortra & https://www.ibm.com/docs/en/i/7.4?topic=i-security

    I would expect that it somewhat needs to "cache" those to transfer it through to the other system but perhaps this is not yet added to this version as it's normally a ported AIX code that is allowed to run in IBM i. 

    PASE is somewhat "sketchy" with object-level permissions in IBM i O/S. Something to consider and note. 

    What you could do is after the RSYNC is done, apply perhaps the Object Level permissions post-execution.



    ------------------------------
    Marius le Roux
    Owner
    MLR Consulting
    ------------------------------

    Original Message


  • 3.  RE: Getting ifs file ownership and permission settings right with rsync

    Posted Fri October 04, 2024 12:45 PM

    I found the solution yesterday.  It wasn't anything I've ever had to do on Linux itself but it works perfectly.  There is a parm --super on rsync that does a great job of preserving the file ownership and permissions.  I'm guessing the Linux variant gets and keeps all that info via the --archive parm.  But once I added the --super parm it has started bringing everything over perfectly.

    The main thing I am wanting to synchronize is my imaging system which resides in the ifs.  It contains about 600,000-650,000 images at any given time.   Along with some small ancillary systems for EDI and customer stating and my Apache web server configurations.  Not massive stuff so rsync every 3-4 hours should be sufficient for my needs without having to script savf backups, ftp transfers and savf restores.



    ------------------------------
    Montie Southern
    ------------------------------

    Original Message


  • 4.  RE: Getting ifs file ownership and permission settings right with rsync

    Posted Fri October 04, 2024 01:38 PM

    I see, thanks for sharing the solution. 

    Perhaps have you considered trying SCP as well? (just thinking in words here but normally ports that are pervasive for firewalls like rsync might become blocked), SCP on the other hand more secure and can be "passwordless" , encrypted by default.



    ------------------------------
    Marius le Roux
    Owner
    MLR Consulting
    ------------------------------

    Original Message


  • 5.  RE: Getting ifs file ownership and permission settings right with rsync

    Posted Fri October 04, 2024 01:54 PM

    I've thought of others but this application really doesn't have big security concerns.  It's all happening behind my firewall on the internal network.  Separate buildings on the same campus.  Plus I'm going to activate rsync daemons to connect to but only allow rsync connections from each other in the config.  That will pretty much lock it down enough for what I need. 



    ------------------------------
    Montie Southern
    ------------------------------

    Original Message


  • 6.  RE: Getting ifs file ownership and permission settings right with rsync

    Posted Fri October 04, 2024 02:09 PM

    most perfect then, this is the best to have the systems of record normally. 

    all the best, Montie



    ------------------------------
    Marius le Roux
    Owner
    MLR Consulting
    ------------------------------

    Original Message


  • 7.  RE: Getting ifs file ownership and permission settings right with rsync

    Posted Fri October 04, 2024 02:22 PM

    Thank you Marius for helping with this and looking at it.



    ------------------------------
    Montie Southern
    ------------------------------

    Original Message


  • 8.  RE: Getting ifs file ownership and permission settings right with rsync

    Posted Fri October 04, 2024 03:49 PM
    Edited by Korinne Adler Fri October 04, 2024 03:51 PM

    Glad you found the --super flag, which is the answer here.

    rsync is designed around Unix limitations, so it will only respect the --user flag if rsync is running as the "super user". Traditionally, this means you are running as UID 0 (root in Unix, QSECOFR on IBM i). You can bypass this internal check by adding the --super flag. Linux has the same problem and --archive doesn't help as it's just an alias for a bunch of options.

    Note that as Marius mentioned, rsync currently can only save basic owner and group ownership and associated permissions. If you have any extra authorities added via CHGAUT, these will not be saved.

    As for scp, I wouldn't consider it any more secure than rsync. Both use SSH under the covers and can take advantage of SSH's key-based authentication, however scp cannot preserve ownership information (only file mode and access/modified times). Also, I don't know if it is in any way useful in this case, since as far as I can tell from the example commands in the original post, this is all happening on the same system with no remote access at all.



    ------------------------------
    Kevin Adler
    ------------------------------

    Original Message


  • 9.  RE: Getting ifs file ownership and permission settings right with rsync

    Posted Fri October 04, 2024 05:12 PM

    Good info to know. 

    The examples I sent up were testing.  I'm actually doing it between my two i boxes on the same subnet so it's pretty isolated.  And we don't have an extra authorities added to our stuff.  We try to keep it plain vanilla as much as we can.  The more complicated you make it the harder it is to diagnose when there are problems.



    ------------------------------
    Montie Southern
    ------------------------------

    Original Message


Related Content