Michael Leone on 20 Dec 2013 04:23:13 -0800
[PLUG] Fwd: Rsync advice wanted
Re-sending, as I saw no responses, but I don't know if that had anything to do with mail server problems that the list may have been having.

---------- Forwarded message ----------
From: Michael Leone <turgon@mike-leone.com>
Date: Mon, Dec 16, 2013 at 1:12 PM
Subject: Rsync advice wanted
To: PLUG <plug@lists.phillylinux.org>

I have a setup now where I have a RH server in my DMZ, and my vendors use SFTP to copy files to us. I also have an Ubuntu VM on my trusted LAN that will reach into that box (via SSH; the DMZ has copies of its keys); run a script to sweep all new files into a single ZIP file; rsync that back into the trusted LAN; and delete the source on the DMZ. I had a whole lot of help from this list with that script close to 3.5 years ago now (thanks again!) and it's been running fine.

Now, I have a need to go in the opposite direction. We want to send files to the DMZ, for other vendors to pick up (also over SFTP).

Ideally, here's what I am thinking; please comment.

These new vendors will have home directories in an entirely different tree from the vendors that send in files. Reason: I can then easily duplicate this tree on the trusted side (we're talking less than 10 user directories, total). When we have a file to send to User-1, we write it in the "home directory" of User-1 on the trusted side. Then, on a schedule, a script will make an rsync connection over SSH to the DMZ; replicate any files on the trusted side to the DMZ side (ignoring any files on the DMZ side that happen to already exist), and then delete the file from the trusted side.

Rsync should be able to do this, with these options?

    rsync -rvz --ignore-existing --remove-source-files <trusted-side-tree> <DMZ-user@DMZ-IP:/DMZ-side-tree>

DMZ-user can be given rights into the user home directory, so it can write files there.

This way, the script cleans out the trusted side (the "outgoing files"), while not touching any files that the vendor may have not yet SFTPed out.

Thoughts?

I know I've missed something, or made some stupid assumption. I have very very little experience writing Linux scripts, but have written many on Windows (CMD, PowerShell) so it's more the specific implementation on Linux that I am weak on.

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
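
The scheduled push described in the message, sketched as an added example (not code from the original post or from the list). It uses the rsync options quoted above; the paths, host name, key file and lock directory are assumed values. Files skipped by --ignore-existing are not deleted from the source, so the script reports what stayed behind.

```shell
#!/bin/sh
# Added example: push the "outgoing" tree from the trusted LAN to the DMZ.
# Every path, the host name and the key file below are assumed values.
set -u

SRC_TREE="${SRC_TREE:-/srv/outgoing}"                            # trusted-side tree (assumed)
DEST_TREE="${DEST_TREE:-dmz-user@dmz.example.net:/srv/pickup/}"  # DMZ-side tree (assumed)
SSH_KEY="${SSH_KEY:-/root/.ssh/dmz_push_key}"                    # key used only for this job (assumed)
LOCK_DIR="${LOCK_DIR:-/tmp/push_outgoing.lock}"                  # lock location (assumed)

# push_tree SRC DEST
# Copies files that do not yet exist under DEST and removes from SRC only the
# files rsync actually transferred. Directories under SRC are left in place.
push_tree() {
    src="${1%/}/"      # trailing slash: copy the contents of SRC, not SRC itself
    dest="$2"
    # mkdir is atomic, so two overlapping scheduled runs cannot both proceed.
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        echo "previous push still running, skipping this run" >&2
        return 75
    fi
    case "$dest" in
        *:*)  # remote destination: connect from the trusted side over SSH
            rsync -rvz --ignore-existing --remove-source-files \
                -e "ssh -i $SSH_KEY -o BatchMode=yes" "$src" "$dest" ;;
        *)    # local destination (useful for a dry test between two directories)
            rsync -rvz --ignore-existing --remove-source-files "$src" "$dest" ;;
    esac
    rc=$?
    rmdir "$LOCK_DIR"
    return "$rc"
}

# leftovers SRC
# Lists files still present after a push. Each one was skipped because a file
# with the same name is still waiting on the DMZ side.
leftovers() {
    find "${1%/}" -type f | sort
}

# Scheduled use: push_outgoing.sh --run
if [ "${1:-}" = "--run" ]; then
    push_tree "$SRC_TREE" "$DEST_TREE" || exit $?
    leftovers "$SRC_TREE"
fi
```

A file listed by `leftovers` run after run means a vendor has not collected the earlier file of that name, and the newer copy has not been delivered.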