version 1.1.1.2, 2013/10/14 07:51:14
|
version 1.1.1.3, 2016/11/01 09:54:32
|
Line 1
|
Line 1
|
.TH "rsyncd.conf" "5" "28 Sep 2013" "" "" | .TH "rsyncd.conf" "5" "21 Dec 2015" "" "" |
.SH "NAME" |
.SH "NAME" |
rsyncd.conf \- configuration file for rsync in daemon mode |
rsyncd.conf \- configuration file for rsync in daemon mode |
.SH "SYNOPSIS" |
.SH "SYNOPSIS" |
Line 85 connection.
|
Line 85 connection.
|
.PP |
.PP |
The first parameters in the file (before a [module] header) are the |
The first parameters in the file (before a [module] header) are the |
global parameters. |
global parameters. |
|
Rsync also allows for the use of a \(dq\&[global]\(dq\& module name to indicate the |
|
start of one or more global\-parameter sections (the name must be lower case). |
.PP |
.PP |
You may also include any module parameters in the global part of the |
You may also include any module parameters in the global part of the |
config file in which case the supplied value will override the |
config file in which case the supplied value will override the |
Line 153 The module name cannot contain a slash or a closing sq
|
Line 155 The module name cannot contain a slash or a closing sq
|
name contains whitespace, each internal sequence of whitespace will be |
name contains whitespace, each internal sequence of whitespace will be |
changed into a single space, while leading or trailing whitespace will be |
changed into a single space, while leading or trailing whitespace will be |
discarded. |
discarded. |
|
Also, the name cannot be \(dq\&global\(dq\& as that exact name indicates that |
|
global parameters follow (see above). |
.PP |
.PP |
As with GLOBAL PARAMETERS, you may use references to environment variables in |
As with GLOBAL PARAMETERS, you may use references to environment variables in |
the values of parameters. See the GLOBAL PARAMETERS section for more details. |
the values of parameters. See the GLOBAL PARAMETERS section for more details. |
Line 214 args if rsync believes they would escape the module hi
|
Line 218 args if rsync believes they would escape the module hi
|
The default for \(dq\&use chroot\(dq\& is true, and is the safer choice (especially |
The default for \(dq\&use chroot\(dq\& is true, and is the safer choice (especially |
if the module is not read\-only). |
if the module is not read\-only). |
.IP |
.IP |
When this parameter is enabled, rsync will not attempt to map users and groups | When this parameter is enabled, the \(dq\&numeric\-ids\(dq\& option will also default to |
by name (by default), but instead copy IDs as though \fB\-\-numeric\-ids\fP had | being enabled (disabling name lookups). See below for what a chroot needs in |
been specified. In order to enable name\-mapping, rsync needs to be able to | order for name lookups to succeed. |
use the standard library functions for looking up names and IDs (i.e. | |
\f(CWgetpwuid()\fP | |
, | |
\f(CWgetgrgid()\fP | |
, | |
\f(CWgetpwname()\fP | |
, and | |
\f(CWgetgrnam()\fP | |
). | |
This means the rsync | |
process in the chroot hierarchy will need to have access to the resources | |
used by these library functions (traditionally /etc/passwd and | |
/etc/group, but perhaps additional dynamic libraries as well). | |
.IP |
.IP |
If you copy the necessary resources into the module\(cq\&s chroot area, you | If you copy library resources into the module\(cq\&s chroot area, you |
should protect them through your OS\(cq\&s normal user/group or ACL settings (to |
should protect them through your OS\(cq\&s normal user/group or ACL settings (to |
prevent the rsync module\(cq\&s user from being able to change them), and then |
prevent the rsync module\(cq\&s user from being able to change them), and then |
hide them from the user\(cq\&s view via \(dq\&exclude\(dq\& (see how in the discussion of |
hide them from the user\(cq\&s view via \(dq\&exclude\(dq\& (see how in the discussion of |
that parameter). At that point it will be safe to enable the mapping of users |
that parameter). At that point it will be safe to enable the mapping of users |
and groups by name using the \(dq\&numeric ids\(dq\& daemon parameter (see below). | and groups by name using this \(dq\&numeric ids\(dq\& daemon parameter. |
.IP |
.IP |
Note also that you are free to setup custom user/group information in the |
Note also that you are free to setup custom user/group information in the |
chroot area that is different from your normal system. For example, you |
chroot area that is different from your normal system. For example, you |
Line 249 the daemon from trying to load any user/group\-related
|
Line 240 the daemon from trying to load any user/group\-related
|
This enabling makes the transfer behave as if the client had passed |
This enabling makes the transfer behave as if the client had passed |
the \fB\-\-numeric\-ids\fP command\-line option. By default, this parameter is |
the \fB\-\-numeric\-ids\fP command\-line option. By default, this parameter is |
enabled for chroot modules and disabled for non\-chroot modules. |
enabled for chroot modules and disabled for non\-chroot modules. |
|
Also keep in mind that uid/gid preservation requires the module to be |
|
running as root (see \(dq\&uid\(dq\&) or for \(dq\&fake super\(dq\& to be configured. |
.IP |
.IP |
A chroot\-enabled module should not have this parameter enabled unless you\(cq\&ve |
A chroot\-enabled module should not have this parameter enabled unless you\(cq\&ve |
taken steps to ensure that the module has the necessary resources it needs |
taken steps to ensure that the module has the necessary resources it needs |
to translate names, and that it is not possible for a user to change those |
to translate names, and that it is not possible for a user to change those |
resources. | resources. That includes being the code being able to call functions like |
| \f(CWgetpwuid()\fP |
| , |
| \f(CWgetgrgid()\fP |
| , |
| \f(CWgetpwname()\fP |
| , and |
| \f(CWgetgrnam()\fP |
| ). |
| You should test what libraries and config files are required for your OS |
| and get those setup before starting to test name mapping in rsync. |
.IP |
.IP |
.IP "\fBmunge symlinks\fP" |
.IP "\fBmunge symlinks\fP" |
This parameter tells rsync to modify |
This parameter tells rsync to modify |
Line 357 the maximum amount of verbose information that you\(cq
|
Line 360 the maximum amount of verbose information that you\(cq
|
generate (since the information goes into the log file). The default is 1, |
generate (since the information goes into the log file). The default is 1, |
which allows the client to request one level of verbosity. |
which allows the client to request one level of verbosity. |
.IP |
.IP |
|
This also affects the user\(cq\&s ability to request higher levels of \fB\-\-info\fP and |
|
\fB\-\-debug\fP logging. If the max value is 2, then no info and/or debug value |
|
that is higher than what would be set by \fB\-vv\fP will be honored by the daemon |
|
in its logging. To see how high of a verbosity level you need to accept for a |
|
particular info/debug level, refer to \(dq\&rsync \-\-info=help\(dq\& and \(dq\&rsync \-\-debug=help\(dq\&. |
|
For instance, it takes max\-verbosity 4 to be able to output debug TIME2 and FLIST3. |
|
.IP |
.IP "\fBlock file\fP" |
.IP "\fBlock file\fP" |
This parameter specifies the file to use to |
This parameter specifies the file to use to |
support the \(dq\&max connections\(dq\& parameter. The rsync daemon uses record |
support the \(dq\&max connections\(dq\& parameter. The rsync daemon uses record |
Line 1039 http://rsync.samba.org/
|
Line 1049 http://rsync.samba.org/
|
.SH "VERSION" |
.SH "VERSION" |
|
|
.PP |
.PP |
This man page is current for version 3.1.0 of rsync. | This man page is current for version 3.1.2 of rsync. |
.PP |
.PP |
.SH "CREDITS" |
.SH "CREDITS" |
|
|