[Howto] rsync task with sudo on remote host

mahaha

Hi all,

a quick search didn't give a result for me, so if I overlooked something, please give me a hint.

I just wanted to share a little configuration instruction which gave me a bit of thinking. As I finally solved it, I thought that it might be helpful for others, just as a small contribution to the community.

What I want to achieve is to set up an rsync task for my local FreeNAS setup to pull neuralgic files from my virtual server which runs on the internet. Some sort of backup. The issue is that some directories and files are only accessible for a limited user group or even only root. To get the rsync task running, you have to prepare something on the remote host and something on your FreeNAS.

Let's start with the remote host.
Setup a user on the remote host
The user will have elevated permissions only for rsync. SSH to your remote host and become root. After this, you will have to configure a user. This is pretty much straightforward.
Code:
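ssh loginuser@remotehost
su
adduser rsyncuser
[follow instructions]
su rsyncuser
cd
# sshd reads keys from ~/.ssh/authorized_keys and expects tight permissions
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys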

At this point I assume that you have key based login enabled on your ssh server.

Configure rsync with sudo
Edit the sudoers file (as root) and insert one line to allow the rsync command to run as sudo. Open the file /etc/sudoers with your preferred editor and insert the following line:
Code:
rsyncuser        ALL=NOPASSWD:   /usr/bin/rsync

This will allow the newly created user to run rsync as sudo without having to enter a password.

Let's now switch to our local system.
Setup a user on FreeNAS
I configured a user on my FreeNAS:
Code:
GID:1004
Home directory:/mnt/DATAPOOL/HOMEDIR_DATASET/rsyncuser
Shell:/usr/local/bin/bash
Email:rsyncuser@somedomain.tld
Password Disabled:N/A
Lock User:N/A
Permit Sudo:N/A
Microsoft Account:N/A


SSH key
I'm used to working with the terminal, so maybe the next step can be done from the web UI as well.

In order to be able to log in on the remote host, I need to have an SSH keypair in place, because my remote system only permits key-based logins and I also don't want to have passwords stored somewhere in cleartext.
Code:
ssh rsyncuser@MYNAS
mkdir .ssh
cd .ssh
ssh-keygen
[follow the instructions]
ssh-copy-id rsyncuser@remotehost

The last command will copy your public key to the remote system. If your newly created user on your FreeNAS is not allowed to log in to your remote system with a password (for security reasons e.g.), you have to transfer your public key manually to your remote host by entering the content of your id_rsa.pub in your just created file /home/rsyncuser/.ssh/authorized_keys (on your remote system).

Test if you are able to log in to your remote host without a password. You should do this step anyway because you will be asked on your first login if the remote server should be added to your known_hosts file.
Code:
ssh rsyncuser@remote


If that worked you can exit the terminal and switch back to the FreeNAS' web UI.
Setup rsync task
Now we'll create an rsync task which will rsync /etc/ of the remote host so that all configurations are backed up. I have a dedicated dataset vserver within my data pool data. Of course you have to enable rsync in your "services" at this point.

Navigate in your web UI to Tasks>Rsync Tasks>Add
Code:
[configure to use the dataset as described above by selecting it in the web UI]
User: rsyncuser
Remote Host: remotehost
Rsync mode: SSH
Remote SSH port: 22
Remote path: /etc
Validate remote path: enabled
Direction: Pull
Short description: /etc/
Schedule the rsync task: Custom (0 */8 * * *) (this runs the rsync task every 8 hours)
Recursive: enabled
Times: enabled
Compress: enabled
Archive: enabled
Delete: disabled
Quiet: disabled
Preserve permissions: enabled
Preserve extended attributes: enabled
Delay updates: enabled
Extra options: --rsync-path="sudo rsync"

The last line was the part that was new to me as I have worked with Deb-based Linux systems only so far and I had configured this in my cronjobs in the past directly. It tells rsync to be executed with sudo on the remote system which we have configured to be permitted at the beginning of this short howto.

Finally enable the task and save it. I ran it manually for the first time to see if everything works.

That's about it. Hope it helps, questions welcome.

Kind regards
Martin
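
Added example, not part of the original post: the NOPASSWD sudoers line lets rsyncuser run rsync as root with any arguments, so the NAS key can read or overwrite any file on the remote host. The wrapper below, meant to be set as that key's forced command, only lets through the read-only pull of /etc that the task performs. ALLOWED_PATH and check_rsync_cmd are names assumed here, and the option string rsync sends varies between versions.

```shell
#!/bin/sh
# Added example, not from the original post. Forced-command wrapper for the
# rsyncuser key on the remote host; ALLOWED_PATH and check_rsync_cmd are
# names assumed here for the howto's /etc pull task.
ALLOWED_PATH="/etc"

# Return 0 only for a read-only ("--sender") rsync server call on ALLOWED_PATH.
check_rsync_cmd() {
    cmd=$1
    # Allow-list the characters; anything else (; | $ quotes, tabs ...) fails.
    rest=$(printf '%s' "$cmd" | tr -d 'A-Za-z0-9 ./=,_-')
    [ -z "$rest" ] || return 1
    set -f                 # split into words without glob expansion
    set -- $cmd
    set +f
    [ "$#" -ge 6 ] || return 1
    [ "$1 $2 $3 $4" = "sudo rsync --server --sender" ] || return 1
    shift 4
    while [ "$#" -gt 2 ]; do
        case $1 in
            # sender-side options that delete or write on the remote host
            --remove-source-files|--remove-sent-files|--log-file*) return 1 ;;
            -*) shift ;;
            *) return 1 ;;
        esac
    done
    [ "$1" = "." ] || return 1
    case $2 in
        "$ALLOWED_PATH"|"$ALLOWED_PATH/") return 0 ;;
    esac
    return 1
}

# sshd places the client's requested command in SSH_ORIGINAL_COMMAND when this
# script is the key's forced command; run it only if it passes the check.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_rsync_cmd "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

To use it, prefix the NAS public key in /home/rsyncuser/.ssh/authorized_keys with command="/path/to/this-script",restrict (the path is a placeholder). Run the rsync task once by hand afterwards to confirm the pull still succeeds.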
 