Setting Up an Rsync Daemon for Network-Wide Backups (Ultimate Guide)
π
Setting up an Rsync Daemon (rsyncd) is one of the most efficient ways to synchronize and back up data across multiple servers. Unlike traditional Rsync over SSH, Rsync daemon operates as a standalone service, allowing multiple clients to connect simultaneously for high-speed, parallel backups over the network.
This step-by-step guide will show you how to install, configure, and optimize an Rsync Daemon, covering security, authentication, performance tuning, and troubleshooting.
π What Youβll Learn
β
How to install and enable Rsync daemon (rsyncd)
β
How to configure authentication and access control
β
How to secure Rsync daemon from unauthorized access
β
How to optimize performance for large-scale backups
β
How to troubleshoot common Rsync server issues
πΉ Suitable for: IT professionals, system administrators, and DevOps engineers
πΉ Skill Level: Beginner β Advanced
π 1. What Is Rsync Daemon and Why Use It?
Unlike traditional Rsync over SSH, Rsync Daemon runs as a persistent background service, allowing multiple clients to access it without requiring SSH authentication.
πΉ Benefits of Rsync Daemon (rsyncd)
β
Faster than Rsync over SSH β No SSH encryption overhead, faster transfers
β
Multiple clients can connect at once β Ideal for enterprise-wide backups
β
Can work without user login β Useful for headless systems & restricted environments
β
Custom authentication and access control β Securely define who can sync what
π Common Use Cases:
- Centralized backup server receiving files from multiple clients
- Mirroring servers or shared storage systems over LAN
- Automated, scheduled backups without needing SSH keys
π οΈ 2. Installing and Enabling Rsync Daemon
Most Linux distributions come with Rsync pre-installed, but if not, install it first.
β For Debian/Ubuntu:
sudo apt update && sudo apt install rsync -y
β For CentOS/RHEL:
sudo yum install rsync -y
β For Arch Linux:
sudo pacman -S rsync
β Verify Rsync Installation:
rsync --version
π Expected Output:
rsync version 3.2.3 protocol version 31
βοΈ 3. Configuring Rsync Daemon (rsyncd)
πΉ Step 1: Create Rsync Daemon Configuration File
The Rsync Daemon is configured using /etc/rsyncd.conf.
β
Create or Edit /etc/rsyncd.conf:
sudo nano /etc/rsyncd.conf
β Add the following configuration:
# Global Settings
uid = rsync
gid = rsync
use chroot = no
max connections = 10
log file = /var/log/rsyncd.log
timeout = 300
read only = no
# Backup Module
[backup]
path = /data/backup
comment = Rsync Backup Directory
read only = no
list = yes
auth users = backupuser
secrets file = /etc/rsyncd.secrets
π Explanation of Key Settings:
uid/gid = rsyncβ Runs Rsync under a non-root user for securitymax connections = 10β Limits concurrent users to prevent overloadlog file = /var/log/rsyncd.logβ Enables logging for monitoring[backup]β Defines a named module accessible over the networkauth users = backupuserβ Enables authentication for secure accesssecrets file = /etc/rsyncd.secretsβ Stores user credentials securely
πΉ Step 2: Create Rsync Authentication File
Since we enabled authentication (auth users), we need to define user credentials.
β
Create /etc/rsyncd.secrets:
sudo nano /etc/rsyncd.secrets
β Add a user credential:
backupuser:securepassword
β Secure the file:
sudo chmod 600 /etc/rsyncd.secrets
π Permissions must be strict; otherwise, Rsync will refuse to use it.
πΉ Step 3: Start and Enable Rsync Daemon
β Start Rsync in daemon mode:
sudo rsync --daemon
β Enable Rsync to start at boot:
sudo systemctl enable rsync
β Check if Rsync daemon is running:
sudo systemctl status rsync
π Expected Output:
β rsync.service - fast remote file copy program daemon
Active: active (running)
β Verify Rsync is listening on port 873:
sudo netstat -tulnp | grep rsync
π By default, Rsync daemon listens on TCP port 873.
π 4. Connecting to Rsync Daemon from a Client
πΉ Listing Available Rsync Modules
To see which directories are available on the Rsync server:
rsync rsync://remote-server/
π Expected Output:
backup Rsync Backup Directory
πΉ Pulling Data from Rsync Server
To download files from the Rsync server:
rsync -av rsync://backupuser@remote-server/backup/ /local/backup/
π You will be prompted for the password (stored in /etc/rsyncd.secrets).
πΉ Pushing Data to Rsync Server
To upload files to the Rsync server:
rsync -av /home/user/data/ rsync://backupuser@remote-server/backup/
π Ensure read only = no is set in /etc/rsyncd.conf to allow uploads.
π‘οΈ 5. Securing Rsync Daemon
πΉ Restrict Access to Trusted IPs
Modify /etc/rsyncd.conf:
hosts allow = 192.168.1.0/24
hosts deny = *
π Only devices from 192.168.1.x can access Rsync.
πΉ Use SSH Tunneling for Encryption
By default, Rsync does not encrypt data. Secure it by tunneling Rsync traffic over SSH:
ssh -L 873:localhost:873 user@remote-server
rsync -av rsync://localhost/backup/ /local/backup/
π This encrypts all Rsync traffic.
β οΈ 6. Troubleshooting Common Rsync Daemon Issues
| Issue | Solution |
|---|---|
| Connection Refused | Check if Rsync daemon is running: sudo systemctl status rsync |
| Authentication Failed | Ensure /etc/rsyncd.secrets has correct permissions (chmod 600) |
| Cannot Write to Backup Folder | Set read only = no in /etc/rsyncd.conf |
| Rsync Daemon Not Starting | Check /var/log/rsyncd.log for errors |
β Debug Rsync Daemon with Verbose Mode:
sudo rsync --daemon --no-detach --debug=ALL
π 7. Summary
| Feature | Rsync Daemon Advantage |
|---|---|
| Multi-Client Access | Multiple users can connect simultaneously |
| Faster than SSH Rsync | Direct TCP connections reduce CPU load |
| Access Control | Authentication via rsyncd.secrets |
| Centralized Backup Server | Efficient data syncing across the network |
β Rsync daemon is an ideal solution for setting up a high-speed, multi-client backup system.
π¬ Join the Discussion!
Have you set up an Rsync daemon for large-scale backups?
How do you handle security and authentication for Rsync servers?
π¬ Share your experience in the comments below! π
π Next Up: Optimizing Rsync Daemon for High-Performance Backups
