Environment
Novell Open Enterprise Server 2 (OES 2) Linux
Situation
Daemons running as nobody, such as 'rsync' cannot store files on NSS volumes.
When running 'rsync' as a daemon, one setup a module which points to a directory where files either storer;
[test]
path=/media/nss/VOLUME/rsync
read only = no
use chroot = yes
strict modes = no
transfer logging = yes
timeout=3600
When sending files one specifies the name of the module, in this case 'test'.
# rsync -avzp * oeshost::test
But default this failes with;
rsync: mkstemp "/.myfile.6FrDxA" (in test) failed: Permission denied (13)
Normally on Linux one controls the access rights with the posix rights (chmod, chown, etc), setting the directory to rwx.rwx.rwx (777) does not solve the problem.
When running 'rsync' as a daemon, one setup a module which points to a directory where files either storer;
[test]
path=/media/nss/VOLUME/rsync
read only = no
use chroot = yes
strict modes = no
transfer logging = yes
timeout=3600
When sending files one specifies the name of the module, in this case 'test'.
# rsync -avzp * oeshost::test
But default this failes with;
rsync: mkstemp "/.myfile.6FrDxA" (in test) failed: Permission denied (13)
Normally on Linux one controls the access rights with the posix rights (chmod, chown, etc), setting the directory to rwx.rwx.rwx (777) does not solve the problem.
Resolution
Access rights on NSS are not controlled with the posix rights, but through eDirectory, and 'nobody' is mapped to [public]. There for to allow daemons who run as nobody one have to give [public] access rights to the directory.
# cd /media/nss/VOLUME/rsync
# rights trustee "[public]" -r rf
# rights show
Trustees and Inherited Rights Filter
------------------------------------
File: /media/nss/VOLUME/rsync
------------------------------------
Trustees:
(1) [Public]
[read, scan]
Inherited Rights Filter:
[supervisor, read, write, create, erase, access control, scan, modify]
This is also possible using iManager.
# cd /media/nss/VOLUME/rsync
# rights trustee "[public]" -r rf
# rights show
Trustees and Inherited Rights Filter
------------------------------------
File: /media/nss/VOLUME/rsync
------------------------------------
Trustees:
(1) [Public]
[read, scan]
Inherited Rights Filter:
[supervisor, read, write, create, erase, access control, scan, modify]
This is also possible using iManager.