Rsync

[Impact]

Hello,

I'm looking to Rsync via SSH from an Ubuntu (18.04 LTS) to a TrueNAS Core server (13.0-U3.1), however, I'm consistently running into the following error message:

user@ubuntuserver:~$ sudo /folder/rsync.sh
sending incremental file list
rsync: [generator] failed to set permissions on "/mnt/pool-name/dataset-name/.": Operation not permitted (1)
./
rsync: [generator] failed to set permissions on "/mnt/pool-name/dataset-name/folder/file.txt": Operation not permitted (1)
.
.
.
** the same error message is displayed for every file **
.
.
.
Number of files: 163 (reg: 146, dir: 17)
Number of created files: 146 (reg: 146)
Number of deleted files: 0
Number of regular files transferred: 146
Total file size: 290,259,483 bytes
Total transferred file size: 290,259,483 bytes
Literal data: 290,259,483 bytes
Matched data: 0 bytes
File list size: 0
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 290,344,774
Total bytes received: 2,924

sent 290,344,774 bytes received 2,924 bytes 64,521,710.67 bytes/sec
total size is 290,259,483 speedup is 1.00
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1196) [sender=3.1.2]

Rsync moves across all folders to TrueNAS Core, however, none of the files is synced across, I'm assuming this is a permissions issue though I'm yet to track down the reason.

User & Group Settings

I've created an SSH Keypair in TrueNAS and have placed the generated private key on the Ubuntu server along with placing the public key in the SSH Public Key section on the TrueNAS user I'm using for SSH access, the user has a home directory set as required by the SSH Public Key setting.

The user is part of a group which is set under Group in the ACL settings for the dataset I'm syncing to, the @group has ACL = Allow, Permission Type = Basic, Permissions = Full Control and Flags = Inherit.

SSH Service Settings

Allow Password Authentication has been disabled, you can only connect with SSH via keys.

SMB

Created with the same @group permissions outlined above, the path is used in the Rsync script.

Servers

The servers are on the same network.

This feels like it may be something simple as I previously had Rsync working, however, I had to start again from scratch and I'm left with the error at the start of the thread.

Any advice would be appreciated.

Thank you

 

[HoneyBadger]

The user is part of a group which is set under Group in the ACL settings for the dataset I'm syncing to, the @group has ACL = Allow, Permission Type = Basic, Permissions = Full Control and Flags = Inherit.

Did you set the ACL on your dataset up using the who=group@ literal, or who=Group with the group name selected? The former is a link to "the owner group" which might not be identical to the group your replication user is a member of (eg: replgroup in my setup)

 

[Impact]

Hello HoneyBadger and thanks for the quick reply.

I've checked the dataset and it was set up as who=group@, I've added an extra ACL Item with who=group and specified the group (e.g. replgroup).

This has meant I no longer get the initial error at the start of the script:

rsync: [generator] failed to set permissions on "/mnt/pool-name/dataset-name/.": Operation not permitted (1)

Unfortunately, I still get the Operation not permitted on each file though and no files synced across:

rsync: [generator] failed to set permissions on "/mnt/pool-name/dataset-name/folder/file.txt": Operation not permitted (1)

Apologies if I misunderstood your explanation.

 

[winnielinnie]

user@ubuntuserver:~$ sudo /folder/rsync.sh

What are the contents of this shell script file? Maybe it might clue us in to why you're getting these permission errors? (You can filter out anything that might reveal personally identifying info.)

 

[Impact]

Hello winnielinnie,

Please see below.

Code:

#!/bin/bash
#SSH KEY
SSHKEY=/private/keys/here
#EMAIL
SUBJECT="Rsync"
Date=$(date +'%m-%d-%Y')
Time=$(date +'%r')
#DOES LOCK FILE EXIST?
if [ -e /scripts/rsync.lock ]
then
exit
else
echo "Rsync running" > /scripts/rsync.lock
fi
#RSYNC COMMAND
rsync -av -e 'ssh -o StrictHostKeychecking=no -p 22 -i '$SSHKEY'' --stats --exclude "/.recycle" --exclude "/#recycle" --delete /volume1/ubuntu-server-dataset/ truenasuser@192.168.1.50:/mnt/pool-name/dataset --log-file=$SER$
SUCCESSSERVERMOVE=$?
#REMOVE LOCK FILE
rm /scripts/rsync.lock
#EMAIL NOTIFICATION
if [ "$SUCCESSSERVERMOVE" -eq 0 ]
then
echo -e "Rsync successful." "$Date" "$Time" | mutt -s "$SUBJECT" -- email@address.com
else
echo -e "Rsync failed." "$Date" "$Time" | mutt -s "$SUBJECT" --  email@address.com
fi
#END

 

[winnielinnie]

Is this the same UID on Ubuntu and TrueNAS?

 

[Impact]

I've just checked and it's the same UID on both servers (1000). Originally they had different usernames, however, I've just tested with matching usernames and there's no change in the error message.

Is it more common for people to use the built-in Rsync functionality to push/pull files?

 

[winnielinnie]

Can you also add your user explicitly (not just "owner@") to the dataset's permissions?

 

[Impact]

Hello winnielinnie,

I've tested a different way which works, almost, and then goes back to the same error message.

1. If I go into the dataset permissions and click the Strip ACLs followed by save, then re-open the permissions and use the Open ACL preset and run the Rsync script; any files in the root of the Ubuntu server are not synced across (e.g. /file.txt), the Operation not permitted (1) error persists, however, any folders in the root and their contents sync across as expected (e.g. /folder/file.txt).
2. Strangely, you can only run the Rsync script once, if you attempt to run it again you get the Operation not permitted (1) for all files regardless of whether they are in the root directory or within folders.- basically, I'm back to square one and the first post in this thread.
3. If I repeat step 1 in this process (e.g. Strip ACLs, save, re-open and use the Open ACL preset), the script runs and syncs everything but files in the root directory, again, the process can only be run once without stripping ACL etc.

Two steps forward, one step backwards.

Is there any reason I'd have to reset ACL permissions after running a Rsync task via SSH?

Thank you both for the assistance so far, it's greatly appreciated!