
Running rsync as root: Operations Not Permitted


World!

I have a backup script that would run rsync for every user and will archive their /User/user folder onto our shared drive. Running into an interesting problem with rsync: when executing the script as "sudo" from the shell as the current user I'm unable to preserve the permissions of other users. It will error out and say: rsync: chown <path> - operations not permitted(1)

Do I have to chown every user's folder as root before executing the command? The command being used and in question:

/usr/bin/rsync -av --human-readable --progress /Users/$name/ --exclude=".*" --exclude="Public" /Backup/$name\ -\ $(date +%m-%d-%y)  --exclude=".*/"

Thank you!


Solution

  • It's because the target is on a mounted network volume. You're running rsync as root, but that only gives you permissions to change ownership on the local (client) computer -- as far as the file server is concerned, you're whatever user authenticated to it, i.e. not root (unless you're using NFS, in which case it's more complicated). Since you're authenticated to the server as a normal user, all files you create on the server will be owned by that normal user, and you won't have permissions to change that.

    I see two possible solutions:

    • Don't try to set ownership on the server. Use rsync -rltgoDv ... instead of rsync -av .... -a is equivalent to -rlptgoD; leaving off the -p means it won't try to set ownership on the target files, it'll just store them all as the current (authenticated to server) user.

    • If you really need to preserve ownership (and your local accounts are the same as those on the server), run rsync over SSH instead of file sharing, and SSH into the server as root. Something like rsync -av ... root@server:/Backup/$name\ -\ $(date +%m-%d-%y) ...

      Note that allowing root SSH into a server is generally a bad idea. If you want to do it this way, I'd create an SSH public/private key pair (with an encrypted private key), use that for authentication, and configure the server to reject password-based SSH authentication (at least for root).
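
Added example (not part of the original answer or the asker's script): a shell version of the first option that probes whether the backup target accepts chown and, if it does not, falls back to flags that skip owner, group and permission preservation. The function names, the probe file and the use of the nobody account are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the asker's script. Function names and the probe
# approach are illustrative assumptions.

# can_chown DIR -> 0 if ownership can be changed on DIR's filesystem,
# 1 if the chown is refused, 2 if DIR is missing or not writable.
can_chown() {
    probe=$(mktemp "$1/.chown-probe.XXXXXX" 2>/dev/null) || return 2
    # Assumes a "nobody" account exists (true on stock macOS and Linux).
    if chown nobody "$probe" 2>/dev/null; then rc=0; else rc=1; fi
    rm -f "$probe"
    return "$rc"
}

# rsync_flags yes|no -> archive flags with or without ownership handling.
# -a expands to -rlptgoD; -p is permissions, -o is owner, -g is group.
rsync_flags() {
    case $1 in
        yes) echo "-a" ;;      # target honours chown: full archive mode
        *)   echo "-rltD" ;;   # network share: files stay owned by the mount user
    esac
}

# backup_dest NAME [DATE] -> destination path in the layout used in the post.
backup_dest() {
    printf '/Backup/%s - %s\n' "$1" "${2:-$(date +%m-%d-%y)}"
}

# backup_user NAME: back up /Users/NAME with flags the target accepts.
backup_user() {
    if can_chown /Backup; then mode=yes; else mode=no; fi
    /usr/bin/rsync "$(rsync_flags "$mode")" -v --human-readable --progress \
        --exclude='.*' --exclude='Public' \
        "/Users/$1/" "$(backup_dest "$1")"
}
# Usage (as root): backup_user alice
```

Quoting the source and destination arguments keeps user names containing spaces from being split into separate rsync arguments.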