rsync User einrichten

pixl

Hallo,

ich schaffe es einfach nicht, einen User ungleich admin einzurichten, mit dem ich mich ungleich der GUI Oberfläche anmelden kann.

Ich lege mir einen User XYZ mit einem ganz einfachen Passwort und ALLEN erdenklichen Rechten an, kann mich an der Weboberfläche anmelden, wenn ich aber mit Putty ran will, oder mein Synology NAS mit rsync sichern will, geht das alles nach wie vor nur mit dem User admin, alle anderen brechen ab mit Authentifizierungsfehlern.

Ich denke mal, das ist nur ein kleines Häkchen beim User anlegen oder danach, aber ich finde es nicht.

Bin für jeden Tipp dankbar!

Mijzelf

A few pointers

AFAIK the firmware rsync is a part of the BackupPlaner package, and it is only intended to setup a communication between ZyXEL NASses. Actually it's not rsync, but a clone, zysync. I'm a bit surprised you managed to get rsync communication at all, when I tried a few years ago I failed. But maybe I did something wrong, or meanwhile the zysync binary is changed.

I solved it at the time by compiling my own rsync (server+client) which you can find in my RandomTools package.

Bei Synology ist es sogar so, dass man den admin aus Sicherheitsgründen deaktivieren soll, eine Idee die ich verstehe!

Admin is not root. (Although it uses the same password). And if you deactivate it, how to reactivate?

As far as I remember rsync server uses a secrets file for login purposes. I cannot remember if it can also use passwd/shadow. If the latter is the case, and it is used in zysync, then another user then admin cannot login. On a ZyXEL only root and admin have a passwd/shadow entry. All other users only have a smbpasswd entry, and pam is used for all logins which are not samba.

In my Tweaks package there is an option to give 'ordinary users' shell access, and a passwd/shadow entry. (With a passwd which can be different from the smbpasswd.)

pixl

Ist ja wie ein Taubenschlag hier! Man kommt ja gar nicht nach mit dem Lesen! :D

Kann man irgendwie mal bei Zyxel selber nachfragen, warum sich keine User die nicht admin sind vernünftig anlegen lassen? Bei Synology ist es sogar so, dass man den admin aus Sicherheitsgründen deaktivieren soll, eine Idee die ich verstehe!

Und bei Zyxel? Gibt es hier irgend jemanden, der auf dem NAS542 einen User angelegt hat, mit dem man mit Putty zugreifen kann, mit dem man remote rsync betreiben kann?

Mir will das einfach nicht gelingen!

Mijzelf

A few pointers

AFAIK the firmware rsync is a part of the BackupPlaner package, and it is only intended to setup a communication between ZyXEL NASses. Actually it's not rsync, but a clone, zysync. I'm a bit surprised you managed to get rsync communication at all, when I tried a few years ago I failed. But maybe I did something wrong, or meanwhile the zysync binary is changed.

I solved it at the time by compiling my own rsync (server+client) which you can find in my RandomTools package.

Bei Synology ist es sogar so, dass man den admin aus Sicherheitsgründen deaktivieren soll, eine Idee die ich verstehe!

Admin is not root. (Although it uses the same password). And if you deactivate it, how to reactivate?

As far as I remember rsync server uses a secrets file for login purposes. I cannot remember if it can also use passwd/shadow. If the latter is the case, and it is used in zysync, then another user then admin cannot login. On a ZyXEL only root and admin have a passwd/shadow entry. All other users only have a smbpasswd entry, and pam is used for all logins which are not samba.

In my Tweaks package there is an option to give 'ordinary users' shell access, and a passwd/shadow entry. (With a passwd which can be different from the smbpasswd.)

pixl

Thank you for your answer Mijzelf! :)

Indeed, it works fine with the Zyxel admin credentials. On Synology side you only have to choose rsync as backup type and "rsync compatible server" as server type instead of "Synology rsync server". With the admin credentials it purrs like a kitten.

As mentioned previously, Synology advices to deactivate the default admin account (first you have to create your own user with the same privileges as the user admin), to close one open door. That sounds very sensible to me, don't you think?

So I tried to do the same inside my Zyxel NAS542 system control user administration. I created an user on the administration GUI with admin privileges. With this user the backup fails with an authentification error message. As I tried to connect to the Zyxel server with this new, admin privileged user via Putty, I'm not able to connect too.

So in my eyes the Zyxel user administration is absolutely unusable. Isn't it? Why it is possible to create an user with admin privileges (or user privileges) you cannot use outside the GUI? ;) (At least the user administration needs an additional point "Use/Not to use with ssh etc.".)

Mijzelf

As mentioned previously, Synology advices to deactivate the default admin account (first you have to create your own user with the same privileges as the user admin), to close one open door. That sounds very sensible to me, don't you think?

It won't hurt. But from security perspective it doesn't change much, I think. Basically you made the admin name a secret, adding that to the password secret. You could have reached the same level of security by adding a few characters to the admin password. But maybe I'm overlooking something.

So in my eyes the Zyxel user administration is absolutely unusable. Isn't it? Why it is possible to create an user with admin privileges (or user privileges) you cannot use outside the GUI? ;)

Added users can access the NAS outside the GUI. They have samba and ftp access, and probably also cloud access, although I never looked at the cloud functions, and so I'm not sure.

(At least the user administration needs an additional point "Use/Not to use with ssh etc.".)

Yes, there are enough wishes left. But you bought that ZyXEL because it was way cheaper than a (hardware) comparable Synology, didn't you? Thankfully ZyXEL didn't skimp (much) on hardware, so they had to get it elsewhere.