Setting up an Rsync daemon on a server enables efficient and secure file mirroring to remote clients. This guide walks through deploying a sync service on 192.168.18.211 to replicate /root/rsync-server/ to a client's /root/rsync-local directory, leveraging CentOS 6.5's built-in rsync capabilities.
Verification and Installation
Confirm rsync is already present on the system:
rpm -q rsync
If the package is absent, install it:
yum install -y rsync
Start the xinetd daemon, which listens for rsync requests:
service xinetd start
Daemon Configuration on the Server
Preparing Authentication Credentials
Create a user credential file that maps a system account to a shared secret. Place one entry per line with the format username:password.
echo "syncadmin:secretpass123" > /etc/rsyncd.secrets
chmod 600 /etc/rsyncd.secrets
Defining Global and Module Parameters
Populate /etc/rsyncd.conf to govern daemon behavior and share declarations.
uid = nobody
gid = nobody
use chroot = yes
pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
[main_repo]
path = /root/rsync-server
comment = Centralized Sync Repository
auth users = syncadmin
secrets file = /etc/rsyncd.secrets
read only = yes
list = yes
hosts allow = 192.168.19.0/24
Key explanations: Using nobody limits privilege exposure. The [main_repo] module label is what clients reference during pull operations. auth users must correspond to a real local account—here we use syncadmin created earlier. Network restrictions are enforced via hosts allow.
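To check a config like the one above for the settings just explained (auth users, secrets file, hosts allow, read only, use chroot), here is an added example that is not part of the original guide. The function names audit_rsyncd_conf and secrets_file_exposed are assumptions made for illustration, and the demo config is constructed.

```shell
#!/bin/sh
# Added example: flag rsyncd.conf modules missing the controls this guide sets.
# Prints one "module: finding" line per weakness and nothing for a clean file.
audit_rsyncd_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    # Effective value: the module setting, else the global one above it.
    function eff(k) { return (k in mod) ? mod[k] : glob[k] }
    function off(v) { v = tolower(v); return v == "no" || v == "false" || v == "0" }
    function check_module(   k) {
        if (name == "") return
        if (eff("auth users") == "")
            print name ": no auth users, module is anonymous"
        else if (eff("secrets file") == "")
            print name ": auth users set but no secrets file"
        if (eff("hosts allow") == "")
            print name ": no hosts allow restriction"
        if (off(eff("read only")))
            print name ": read only disabled, clients can upload"
        if (off(eff("use chroot")))
            print name ": use chroot disabled"
        for (k in mod) delete mod[k]
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[.*\]/ {                          # a [module] header
        check_module(); name = trim($0)
        sub(/^\[/, "", name); sub(/\].*$/, "", name); next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        gsub(/[ \t]+/, " ", key)               # normalise spacing in the key
        val = trim(substr($0, eq + 1))
        if (name == "") glob[key] = val; else mod[key] = val
    }
    END { check_module() }
    ' "$1"
}

# True (exit 0) when FILE is readable or writable by "other" users, the state
# the chmod 600 steps in the guide are meant to prevent.
secrets_file_exposed() {
    [ -n "$(find "$1" \( -perm -004 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Demo on a constructed config; a real run would pass /etc/rsyncd.conf.
demo=$(mktemp) && printf '[open]\npath = /srv/open\nread only = no\n' > "$demo"
audit_rsyncd_conf "$demo"; rm -f "$demo"
```

The audit only reads the file, so it can be run against /etc/rsyncd.conf before restarting xinetd.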
Integrating with xinetd
Modify /etc/xinetd.d/rsync to include the custom configuration path. Set server_args accordingly:
server_args = --daemon --config=/etc/rsyncd.conf
Enable and restart the service:
chkconfig rsync on
service xinetd restart
Client Synchronization Setup
Storing the Authentication Token
On the client machine (192.168.19.25), save only the password string that matches the server secret.
echo "secretpass123" > /etc/rsyncd.pass
chmod 600 /etc/rsyncd.pass
Performing Manual and Automated Syncs
Verify connectivity by listing the shared module's contents:
rsync syncadmin@192.168.18.211::main_repo
Pull files into the local destination path:
rsync -avz --password-file=/etc/rsyncd.pass \
syncadmin@192.168.18.211::main_repo /root/rsync-local
To schedule incremental updates via cron, add an entry that runs daily at 03:00 AM:
crontab -l | { cat; echo "0 3 * * * /usr/bin/rsync -az --delete --password-file=/etc/rsyncd.pass syncadmin@192.168.18.211::main_repo /root/rsync-local"; } | crontab -
The --delete flag ensures that files removed at the source are also deleted from the local copy.
Firewall Considerations
Allow TCP port 873 through iptables on both endpoints:
iptables -I INPUT -p tcp --dport 873 -j ACCEPT
service iptables save
If experimenting in a non-production lab, temporarily flush rules with service iptables stop to isolate network-related failures.
Common Synchronization Failures and Remedies
@ERROR: chroot failed: The path directory specified in the module does not exist or lacks proper permissions. Ensure the folder is created world-readable/writable based on the uid/gid settings.
@ERROR: auth failed on module X: Mismatch between client-supplied credentials and server secrets. Verify the password file on the client contains only the secret (no username prefix), while the server’s secrets file retains user:pass format.
password file must not be other-accessible: Permissions on the client-side password file are too permissive. Enforce chmod 600.
failed to connect: Connection refused: The rsync daemon is not running. Launch it manually with rsync --daemon --config=/etc/rsyncd.conf or ensure xinetd is managing the service through its configuration.
No space left on device: Disk capacity on the destination directory is exhausted. Free up space or expand the volume.
Connection reset by peer: Often indicates that the server’s rsyncd.conf path is unreachable or the xinetd server_args directive points to a wrong location. Validate the --config argument.