Page 1 of 1

Rsync security grab bag?

Posted: Sat Jan 12, 2019 2:03 am
by aarbee
I have a situation with a few Qnaps. Being from me, or from customers and tried to connect 2 with Rsync.
I have 3 Qnaps myself. 2 On location, 1 on a remote location for backup only.
My customer is having 3 different Qnaps as well.

My setup:
Mainbox: 673
Extra: 219Pii
Remote 239

Mainbox 453
Extra 219Pii
Extra 219

If my customer connects with any of his Qnaps to my 673 he only sees the Share that I have prepared.

If I connect to my customers 219Pii from my mainbox, I see all his Shares and can even open them.
I have checked his settings, and they are equal to mine. I should not see all his shares.
The same with all his other Qnaps.

Now comes the strange part, None of his Qnaps see more than the prepared Share.
If I check with a special rsync user my mainbox, from my remote 239, I see all the shares.
I cannot understand why that is. To us this whole Linux security feels like a big grab box.
As the user I use here is exactly the same as my customer connects to my 673.
The only difference there is, is that the remote 239 is connected via a lan2lan vpn between 2 Draytek routers.

I think I miss some knowledge here.
Thanks ahead.

Re: Rsync security grab bag?

Posted: Thu Jan 24, 2019 1:55 am
by aarbee
I see this as an issue, if you have an older device.