Rsync server setup on RHEL, SL and CentOS. I did not test on other Linux distributions; in principle, they should be the same or similar.

Rsync is a fast and extraordinarily versatile file copying tool. It can copy locally, to/from another host over any remote shell, or to/from a remote rsync daemon.

It offers a large number of options that control every aspect of its behavior and permit very flexible specification of the set of files to be copied. It is famous for its delta-transfer algorithm, which reduces the amount of data sent over the network by sending only the differences between the source files and the existing files in the destination.

Rsync is widely used for backups and mirroring and as an improved copy command for everyday use.

By default, rsyncd listens on port 873 for incoming connections from other computers using rsync.

Note: this is not recommended for the transfer of files across unsecured networks, such as the Internet, because the actual data transfer is not encrypted. Use this to keep information synchronized between different computers in internal networks, as well as to perform backups.

There are basically two approaches to running rsync as a daemon: one is to launch the program with the --daemon parameter, and the other is to have inetd or xinetd launch rsync and run it like the other services that inetd and xinetd handle.


In either case, we must configure the file /etc/rsyncd.conf. We start with a simple one, with minimal module parameters.

The rsyncd.conf file is the runtime configuration file for rsync when run as an rsync daemon.


The rsyncd.conf file controls authentication, access, logging and available modules.

Example of rsyncd.conf

# cat /etc/rsyncd.conf
log file = /var/log/rsync.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
[backup]
        path = /home/backups
        comment = backup files
        read only = yes
        hosts allow = 192.168.1.1, 192.168.1.2
        hosts deny = *
        list = true

Daemon mode

On server

# rsync --daemon
#  netstat -putan | grep 873
tcp        0      0 0.0.0.0:873                 0.0.0.0:*         LISTEN      28661/xinetd

You can also check /var/log/rsync.log; you should see a message like the one below:

rsyncd version 3.0.6 starting, listening on port 873

On client

#rsync testrsyncserver::
backup        backup files

For more examples of rsync usage, see rsync examples.

To stop the rsync server

#killall rsync

Use TCP Wrapper

This is done via xinetd. The Extended Internet Services Daemon (xinetd) is a TCP-wrapped super service which controls access to a subset of popular network services, including FTP, IMAP, rsh, rlogin, rsync and Telnet. See xinetd and TCP Wrappers.

Note: xinetd uses TCP Wrappers, so you may find that rsync --daemon works while rsync via xinetd does not.

Step 1: Enable rsync service in xinetd

# cat /etc/xinetd.d/rsync
service rsync
{
    disable    = no
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/bin/rsync
    server_args     = --daemon
    log_on_failure  += USERID
}

Then restart or reload the xinetd service.

Another way to enable rsync is

#chkconfig rsync on

Both work, but remember that the second way only reloads xinetd, so if xinetd is stopped, you have to start the xinetd service explicitly.

Step 2: Enable host and service connection

Add a rule like the one below to /etc/hosts.allow:
rsync            : 192.168.1.0/255.255.255.0

The following is the sequence of events followed by xinetd when a client requests a connection:

First: The xinetd daemon accesses the TCP Wrappers hosts access rules (the files /etc/hosts.allow and /etc/hosts.deny) using a libwrap.a library call. If a deny rule matches the client, the connection is dropped. If an allow rule matches the client, the connection is passed to xinetd.

Then: The xinetd daemon checks its own access control rules both for the xinetd service and the requested service. If a deny rule matches the client, the connection is dropped. Otherwise, xinetd starts an instance of the requested service and passes control of the connection to that service.
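The TCP Wrappers stage of this sequence, modelled as an added example (not code from the original post or from libwrap). It follows the hosts_access(5) ordering and supports only a subset of its client patterns; the hosts.deny catch-all entry and the client addresses are assumptions chosen to show that the Step 2 allow rule restricts nothing unless hosts.deny also matches.

```python
import ipaddress

# Constructed inputs: ALLOW is the Step 2 rule; DENY_ALL is an assumed
# catch-all hosts.deny entry (the page shows no hosts.deny content).
ALLOW = "rsync : 192.168.1.0/255.255.255.0\n"
DENY_ALL = "ALL : ALL\n"

def parse_rules(text):
    """Return (daemon_list, client_list) pairs from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    """Subset of hosts_access(5): ALL, net/mask, 'n.n.n.' prefix, exact address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):
        return ip.startswith(pattern)
    return pattern == ip

def file_matches(text, daemon, ip):
    """True if any rule in the file covers this daemon and client address."""
    for daemons, clients in parse_rules(text):
        if daemon in daemons or "ALL" in daemons:
            if any(client_matches(c, ip) for c in clients):
                return True
    return False

def wrappers_decision(allow, deny, daemon, ip):
    """hosts.allow is checked first, then hosts.deny; no match at all grants access."""
    if file_matches(allow, daemon, ip):
        return "allow"
    return "deny" if file_matches(deny, daemon, ip) else "allow"
```

With an empty hosts.deny, a client outside 192.168.1.0/24 is still allowed through this stage; with the catch-all deny entry it is refused.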

Step 3: verify the rsyncd.conf

Yes, same as daemon mode, it's /etc/rsyncd.conf

[backup]
    path = /home/backups
    comment = backup files
    uid = root
    gid = root
    read only = no
    list = true
    auth users = rsyncclient,backup
    secrets file = /etc/rsyncd.secrets
    hosts allow = 192.168.1.1,192.168.1.2

Note: the parameters shown in green are optional

Step 4: secrets file (optional)

Here is what the secrets file looks like. Remember to change the permissions of this file so it can't be read or modified by other users; rsync will fail if the permissions of this file are not appropriately set:

#chmod 600 /etc/rsyncd.secrets
#cat /etc/rsyncd.secrets
rsyncclient:passWord
backup:Password
user001:password

Step 5: specific port

Furthermore, unlike inetd, xinetd doesn't need an entry in /etc/services; it can handle the port/protocol by itself. If rsync is defined in /etc/services, the port and protocol lines can be omitted. So, if you want to specify the rsync port, changing /etc/xinetd.d/rsync is enough:

    port            = 873
    protocol        = tcp

More secure, more detail

At the beginning, we showed /etc/rsyncd.conf. There are basically two sections in the file: the global parameters and the modules section.

The global parameters define the overall behavior of rsync.

    lock file is the file that rsync uses to handle the maximum number of connections.
    log file is where rsync will save any information about its activity: when it started running, when and from where other computers connect, and any errors it encounters.
    pid file is where the rsync daemon will write the process id that has been assigned to it; this is useful because we can use this process id to stop the daemon.

After the global parameters comes the modules section. Every module is a folder that we share with rsync; the important parts here are:

    [name] is the name that we assign to the module. Each module exports a directory tree. The module name cannot contain slashes or a closing square bracket.
    path is the path of the folder that we are making available with rsync.
    comment is a comment that appears next to the module name when a client obtains the list of all available modules.
    uid: when the rsync daemon is run as root, this specifies which user owns the files that are transferred to and from the module.
    gid: this sets the group that owns the files that are transferred, if the daemon is run as root.
    read only determines whether the clients who connect to rsync can upload files or not; the default of this parameter is true for all modules.
    list allows the module to be listed when clients ask for a list of available modules; setting this to false hides the module from the listing.
    auth users is a list of users allowed to access the content of this module; the users are separated by commas. The users don't need to exist in the system; they are defined by the secrets file.
    secrets file defines the file that contains the usernames and passwords of the valid users for rsync.
    hosts allow lists the addresses allowed to connect to the system. Without this parameter all hosts are allowed to connect.
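
A small audit of the module parameters described above and of the Step 4 secrets file permissions, as an added example (not code from the original post or from rsync). The sample configuration is constructed: it abridges the page's Step 3 module and adds a hypothetical "public" module, and the function names and finding texts are this example's own.

```python
import os

# Constructed sample: the page's Step 3 module (abridged) plus a hypothetical open module.
SAMPLE_CONF = """\
log file = /var/log/rsync.log
[backup]
    path = /home/backups
    uid = root
    read only = no
    auth users = rsyncclient,backup
    secrets file = /etc/rsyncd.secrets
    hosts allow = 192.168.1.1,192.168.1.2
[public]
    path = /srv/public
    read only = no
"""

def parse_rsyncd_conf(text):
    """Split rsyncd.conf text into (global_params, {module: params})."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line and not line.startswith("#"):
            key, value = (s.strip() for s in line.split("=", 1))
            (global_params if current is None else current)[key.lower()] = value
    return global_params, modules

def audit(text):
    """Return {module: [findings]}; global settings act as module defaults."""
    global_params, modules = parse_rsyncd_conf(text)
    report = {}
    for name, params in modules.items():
        get = lambda k, d="": params.get(k, global_params.get(k, d)).lower()
        findings = []
        if not get("hosts allow"):
            findings.append("no hosts allow: all hosts may connect")
        if not get("auth users"):
            findings.append("no auth users: no password required")
        if get("read only", "yes") in ("no", "false", "0") and get("uid") in ("root", "0"):
            findings.append("writable module with uid root")
        report[name] = findings
    return report

def secrets_mode_ok(path):
    """True if group and other have no access (the page's chmod 600)."""
    return os.stat(path).st_mode & 0o077 == 0
```

Run `audit(open("/etc/rsyncd.conf").read())` and `secrets_mode_ok("/etc/rsyncd.secrets")` on the server to apply the same checks to the live files.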