# rsyncd config file not accepting hostname in hosts allow

## brent_weaver

Hello. I am trying to lock down a "rsync remote mount" with the hosts allow = hostname.domain.com directive and it does not work. I verified the following:

DNS is working fine - I am able to nslookup on my pc's hostname

Putting in the IP address works fine (except we run DHCP so it will not work to leave it there)

Tried hostname w/o fully qualifying it

The following is my /etc/rsyncd.conf file:

```
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/rsync/files/rsyncd.conf,v 1.3 2004/07/15 00:11:37 agriffis Exp $

# Minimal configuration file for rsync daemon
# See rsync(1) and rsyncd.conf(5) man pages for help

# This line is required by the /etc/init.d/rsyncd script
pid file = /var/run/rsyncd.pid
uid = nobody
gid = nobody
use chroot = yes

#limit access to private LAN's
#hosts allow = 172.28.*.*
#hosts deny = *

#the addresses on which the rsync deamon should listen
#address=192.168.0.1 10.0.0.1

max connections = 150
motd file = /etc/rsync/rsyncd.motd

#This will give you a separate log file
log file = /var/log/rsync.log

#This will log every file transferred - up to 85,000+ per user, per sync
transfer logging = yes
log format = %t %a %m %f %b
syslog facility = local3
timeout = 300

#If you need this, UPGRADE portage please!
#[gentoo-x86-portage]
#this entry is for compatibility
#path = /usr/portage
#comment = Gentoo Linux Portage tree
#exclude=distfiles/

[backup]
path = /rsync/bweaver
comment = Brent's Backup sync site
read only = no
guest ok = yes
public = yes
hosts allow = bweaverxp
```

```
emperor ~ # ping bweaverxp
PING bweaverxp.idx.com (172.28.133.42) 56(84) bytes of data.
64 bytes from 172.28.133.42: icmp_seq=1 ttl=128 time=0.501 ms
64 bytes from 172.28.133.42: icmp_seq=2 ttl=128 time=0.395 ms
64 bytes from 172.28.133.42: icmp_seq=3 ttl=128 time=0.411 ms
64 bytes from 172.28.133.42: icmp_seq=4 ttl=128 time=0.400 ms

--- bweaverxp.idx.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.395/0.426/0.501/0.050 ms
```

----------

## Crisis

What exactly "doesn't work"?  

Can nobody connect?  

Everybody connect?  

Anything interesting in the logs?  

Can the client you are trying to allow to connect ping or connect to the server via other means?

----------

## brent_weaver

When I try to sync from my Windows box (the one in the hosts allow list) it gives me the following:

@ERROR - access denied to backup from unknown x.x.x.x.

If I remove the hosts allow directive from the share section all works well. If I add the IP address instead of hostname it works great.

Oddly, there is no rsyncd.log file in /var/log as the rsyncd.conf file indicates there should be.

Help!

----------
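
An added example (not part of the thread and not rsync's own code) modelling how the daemon evaluates `hosts allow` as documented in rsyncd.conf(5): a hostname entry is compared with the name obtained from a reverse lookup of the connecting address, which is reported as `unknown` when that lookup fails, as in the error above. The reverse-lookup results are constructed inputs, `fnmatch` stands in for rsync's wildcard matcher, and the forward lookup that newer rsync versions can also perform is not modelled.

```python
import ipaddress
from fnmatch import fnmatchcase

def pattern_matches(pattern, addr, rdns_name):
    """Check one hosts allow/deny entry against a connecting client."""
    try:
        # Address forms: a.b.c.d, a.b.c.d/bits, a.b.c.d/netmask
        net = ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        net = None
    if net is not None:
        return ipaddress.ip_address(addr) in net
    # Otherwise the entry is a hostname or hostname wildcard. It is compared,
    # case-insensitively, with the name the daemon got from its reverse lookup
    # of the client address. fnmatch approximates rsync's wildcard matcher.
    return fnmatchcase(rdns_name.lower(), pattern.lower())

def allow_access(addr, rdns_name, allow=(), deny=()):
    """Documented evaluation order: allow list first, then deny list."""
    if allow:
        if any(pattern_matches(p, addr, rdns_name) for p in allow):
            return True
        if not deny:
            return False  # allow list alone: everything unmatched is rejected
    if any(pattern_matches(p, addr, rdns_name) for p in deny):
        return False
    return True

CLIENT_IP = "172.28.133.42"  # address shown in the ping output above
# (description, hosts allow value, reverse-lookup result) - constructed inputs;
# "UNKNOWN" is the name the daemon uses when the reverse lookup fails.
CASES = [
    ("hostname entry, reverse lookup failed", ["bweaverxp"], "UNKNOWN"),
    ("IP entry, reverse lookup failed", ["172.28.133.42"], "UNKNOWN"),
    ("short name entry, reverse lookup gives FQDN", ["bweaverxp"], "bweaverxp.idx.com"),
    ("FQDN entry, reverse lookup gives FQDN", ["bweaverxp.idx.com"], "bweaverxp.idx.com"),
    ("wildcard entry, reverse lookup gives FQDN", ["*.idx.com"], "bweaverxp.idx.com"),
]

def run_cases():
    return [(desc, allow_access(CLIENT_IP, rdns, allow)) for desc, allow, rdns in CASES]

if __name__ == "__main__":
    for desc, allowed in run_cases():
        print("allow" if allowed else "deny ", desc)
```

An IP or subnet entry never depends on DNS, while every hostname form depends on the PTR record for the client's current address, so on a DHCP network the reverse zone has to be updated along with the forward one.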

## Crisis

Can I see your /etc/hosts file?

----------

## brent_weaver

```
emperor log # cat /etc/hosts
# /etc/hosts:  This file describes a number of hostname-to-address
#              mappings for the TCP/IP subsystem.  It is mostly
#              used at boot time, when no name servers are running.
#              On small systems, this file can be used instead of a
#              "named" name server.  Just add the names, addresses
#              and any aliases to this file...
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/hosts,v 1.8 2003/08/04 20:12:25 azarah Exp $
#

127.0.0.1       localhost emperor.idx.com

# IPV6 versions of localhost and co
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
```

Also, why is a logfile not being written? I have already looked on the web and cannot find these answers.

----------

## Crisis

Add:

172.28.133.42 bweaverxp.idx.com

to /etc/hosts

 *Quote:*   

> uid = nobody
> 
> gid = nobody 

 

My guess is that it does not have the proper rights to write to /var/log.  There are many routes you could take to fix this, but I bet that is your problem.

----------

## brent_weaver

Thanks for the suggestion, problem is that my PC is running DHCP and that address changes every 4 days. Why can I not rely on the network's DNS? What am I missing?

----------

## Crisis

Well I wanted to see if that fixed it first in the short term.  Did you fix your logging problem yet to see if it gives you any more info?

You could run rsyncd as root then it would be able to log or make a user with rights.

----------

## brent_weaver

That is a great point. I tried to add my host to /etc/host and it did not work. It works like a champ if I put the IP address. This is beginning to make me think that I am not the problem, instead it is.

And I am still puzzled as to why it does not log.

----------

## Crisis

 *Quote:*   

> And I am still puzzled as to why it does not log.

 

Did you try setting it to run as root, or a user that has permission to /var/log, or changing the log file to someplace where the user the process is running as has rights to?

If you are running it as nobody:nobody, then it will not have permission to write into /var/log.

----------

## brent_weaver

I am under the impression that "nobody nobody" means the user and group which are assumed when files get created on the mirror. Below is an example:

```
emperor bweaver # ls -la
total 0
drwxrwxrwx  3 root   root    80 Jun 15 14:34 .
drwxrwxrwx  4 root   root    72 Jun 15 11:18 ..
dr-x------  3 nobody nobody 288 Jun 17 09:31 My Documents
```

The above is what I am syncing to, notice the ownership. Maybe I am incorrect, but it seems to be the case. I am running this process as root, I have it in my default runlevel and when I look at rsyncd, root is the process owner, as displayed below:

```
emperor bweaver # ps -ef |grep rsync
root     11752     1  0 11:25 ?        00:00:00 rsync --daemon
```

I am out of ideas.

----------

## Crisis

Hmm, I have mine set to root, but then again I don't allow files to be written so I'm not sure.

Also I noticed I have this:

syslog facility = local5

Where yours is set to local3.  That may be right though depending on your logger.

----------

## brent_weaver

I am using syslog-ng if that matters.

----------

## Crisis

Me too, did you try it as local5?

----------

