Configuring and Managing Rsync Services for Network Backups
Rsync serves two primary functions in an infrastructure context: acting as a dedicated server for data backups and facilitating centralized log storage.
Rsync Service Overview
Rsync is an open-source utility for efficient file synchronization and remote data copying, supporting both full and incremental transfers.
Installation
apt-get install -y rsync # For Debian/Ubuntu
# or
# yum install -y rsync # For RHEL/CentOS
Operational Modes
Local File Operations
Rsync can perform local file copies similar to cp.
rsync /etc/passwd /tmp/passwd_copy
Remote Data Transfer
For remote transfers, it functions like scp. Note these directory semantics:
- A trailing slash (/source_dir/) copies only the directory's contents.
- No trailing slash (/source_dir) copies the directory itself and its contents.
rsync -rp /var/log/messages 192.168.1.100:/archive/logs_backup
The -r flag enables recursive copying, while -p preserves file permissions.
Directory Synchronization with Deletion
The --delete flag enables mirror synchronization, removing files on the target that don't exist in the source.
rsync -r --delete /empty_dir/ 192.168.1.100:/target_dir/
This method can rapidly clear directory contents, often faster than recursive deletion commands.
Basic File Listing
rsync /etc/network/interfaces
Syntax Patterns
Local Transfers
rsync [OPTIONS] SOURCE [DESTINATION]
Remote Shell Operations
- Pull from remote:
rsync [OPTIONS] [USER@]HOST:SOURCE [DESTINATION]
- Push to remote:
rsync [OPTIONS] SOURCE [USER@]HOST:DESTINATION
Daemon Mode Operations
Rsync daemon mode provides configuration management, security policies, and automated transfers.
- Pull:
rsync [OPTIONS] [USER@]HOST::MODULE [DESTINATION]
or
rsync [OPTIONS] rsync://[USER@]HOST[:PORT]/MODULE [DESTINATION]
- Push:
rsync [OPTIONS] SOURCE [USER@]HOST::MODULE
or
rsync [OPTIONS] SOURCE rsync://[USER@]HOST[:PORT]/MODULE
Daemon Configuration Process
A standard Linux service deployment follows these steps:
- Package installation
- Configuration file creation
- Environment setup (directories, permissions)
- Service initialization and auto-start configuration
- Functional validation
Configuration File Setup
Create /etc/rsyncd.conf:
# Rsync Daemon Configuration
uid = rsyncd
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
port = 873
use chroot = no
gid = rsyncd
max connections = 200
timeout = 600
auth users = backup_user
secrets file = /etc/rsync_auth
hosts allow = 192.168.1.0/24
ignore errors = yes
read only = no
list = no
fake super = yes
[archive]
comment = Primary backup repository
path = /data/backups
[logs]
comment = System log storage
path = /var/archive/logs
Service Account Creation
groupadd rsyncd
useradd -r -M -s /bin/false -g rsyncd rsyncd
Authentication Setup
echo "backup_user:secure_password123" > /etc/rsync_auth
chmod 600 /etc/rsync_auth
chown rsyncd:rsyncd /etc/rsync_auth
Directory Preparation
mkdir -p /data/backups /var/archive/logs
chown -R rsyncd:rsyncd /data/backups /var/archive/logs
Service Management
systemctl start rsync
systemctl enable rsync
systemctl status rsync
Advanced Rsync Parameters
- -v: Verbose output
- -a: Archive mode (includes -rtopgDl)
- -z: Compression during transfer
- -P: Progress display and partial transfer resumption
- --exclude=PATTERN: Skip matching files
- --exclude-from=FILE: Batch exclusion via file
- --bwlimit=RATE: Limit transfer bandwidth (KB/s)
- --delete: Mirror source exactly (use cautiously)
Client Configuration
Create client password file (containing only the password):
echo "secure_password123" > /etc/rsync_client_pass
chmod 600 /etc/rsync_client_pass
Push Operation Example
rsync -avz /var/www/html backup_user@192.168.1.100::archive \
--password-file=/etc/rsync_client_pass
Pull Operation Example
rsync -avz backup_user@192.168.1.100::logs /local/log_backup \
--password-file=/etc/rsync_client_pass
Multi-Module Configuration
Add additional modules to /etc/rsyncd.conf:
[database]
comment = Database backups
path = /backup/databases
[development]
comment = Development data
path = /storage/dev
Create corresponding directories:
mkdir -p /backup/databases /storage/dev
chown rsyncd:rsyncd /backup/databases /storage/dev
systemctl restart rsync
Exclusion Patterns
Example Directory Structure
mkdir -p /source/{project_a,project_b,project_c}
touch /source/{project_a,project_b,project_c}/{file1,file2,file3}.dat
tree /source
Single Exclusions
rsync -avz /source \
--exclude=project_b/file2.dat \
--exclude=project_c/ \
backup_user@192.168.1.100::archive \
--password-file=/etc/rsync_client_pass
Batch Exclusions via File
Create exclusion list /root/exclude_list.txt:
project_b/*.tmp
project_c/temp/
*.log
Execute with:
rsync -avz /source \
--exclude-from=/root/exclude_list.txt \
backup_user@192.168.1.100::archive \
--password-file=/etc/rsync_client_pass
Organized Backup Structure
Rsync can create directory hierarchies during transfer:
rsync -avz /etc/nginx/nginx.conf \
backup_user@192.168.1.100::archive/host-web01/ \
--password-file=/etc/rsync_client_pass
This creates /data/backups/host-web01/nginx.conf on the server.
Security and Access Controls
Configure either allow or deny lists in /etc/rsyncd.conf:
# Allow specific network only
hosts allow = 192.168.1.0/24
# Deny all others (default)
hosts deny = 0.0.0.0/0
To enable module listing, set list = yes and restart the service:
systemctl restart rsync
rsync backup_user@192.168.1.100::
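Each module inherits the global defaults in /etc/rsyncd.conf unless it overrides them, so exposure has to be judged per module. The following added example (not part of the original page; the names parse_rsyncd_conf and audit are hypothetical) parses the configuration shown earlier and reports the settings worth reviewing for each module. It assumes read only and use chroot count as enabled when unset.

```python
# Added example: audit rsyncd.conf modules for exposure-widening settings.
# SAMPLE_CONF is constructed from the configuration shown on this page.
SAMPLE_CONF = """\
uid = rsyncd
use chroot = no
auth users = backup_user
secrets file = /etc/rsync_auth
hosts allow = 192.168.1.0/24
read only = no
list = no
[archive]
path = /data/backups
[logs]
path = /var/archive/logs
"""

FALSE_VALUES = {"no", "false", "0"}  # boolean spellings treated as "off"

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}) with normalised parameter names."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        name, sep, value = line.partition("=")
        if sep:
            target = global_params if current is None else current
            target[" ".join(name.lower().split())] = value.strip()
    return global_params, modules

def audit(text):
    """Return sorted (module, finding) pairs for settings worth reviewing."""
    global_params, modules = parse_rsyncd_conf(text)
    findings = []
    for module, params in modules.items():
        eff = {**global_params, **params}  # module values override globals
        if not eff.get("auth users"):
            findings.append((module, "no auth users: anonymous access"))
        if not eff.get("hosts allow"):
            findings.append((module, "no hosts allow: no allow-list restricts clients"))
        if eff.get("read only", "yes").lower() in FALSE_VALUES:  # assumed default: yes
            findings.append((module, "writable: clients can upload and, with --delete, remove files"))
        if eff.get("use chroot", "yes").lower() in FALSE_VALUES:  # assumed default: yes
            findings.append((module, "use chroot off: transfers are not chroot-confined"))
    return sorted(findings)

if __name__ == "__main__":
    for module, finding in audit(SAMPLE_CONF):
        print(f"[{module}] {finding}")
```

Against the page's configuration, both modules are reported as writable and not chroot-confined. Setting read only = yes inside a module clears the first finding for that module only.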