|
version 1.1, 2012/02/17 15:09:30
|
version 1.1.1.2, 2013/10/14 07:51:14
|
|
Line 1
|
Line 1
|
| .TH "rsyncd.conf" "5" "23 Sep 2011" "" "" | .TH "rsyncd.conf" "5" "28 Sep 2013" "" "" |
| .SH "NAME" |
.SH "NAME" |
| rsyncd.conf \- configuration file for rsync in daemon mode |
rsyncd.conf \- configuration file for rsync in daemon mode |
| .SH "SYNOPSIS" |
.SH "SYNOPSIS" |
|
Line 31 whitespace in module and parameter names is irrelevant
|
Line 31 whitespace in module and parameter names is irrelevant
|
| trailing whitespace in a parameter value is discarded. Internal whitespace |
trailing whitespace in a parameter value is discarded. Internal whitespace |
| within a parameter value is retained verbatim. |
within a parameter value is retained verbatim. |
| .PP |
.PP |
| Any line beginning with a hash (#) is ignored, as are lines containing | Any line \fBbeginning\fP with a hash (#) is ignored, as are lines containing |
| only whitespace. | only whitespace. (If a hash occurs after anything other than leading |
| | whitespace, it is considered a part of the line\(cq\&s content.) |
| .PP |
.PP |
| Any line ending in a \e is \(dq\&continued\(dq\& on the next line in the |
Any line ending in a \e is \(dq\&continued\(dq\& on the next line in the |
| customary UNIX fashion. |
customary UNIX fashion. |
|
Line 89 You may also include any module parameters in the glob
|
Line 90 You may also include any module parameters in the glob
|
| config file in which case the supplied value will override the |
config file in which case the supplied value will override the |
| default for that parameter. |
default for that parameter. |
| .PP |
.PP |
| |
You may use references to environment variables in the values of parameters. |
| |
String parameters will have %VAR% references expanded as late as possible (when |
| |
the string is used in the program), allowing for the use of variables that |
| |
rsync sets at connection time, such as RSYNC_USER_NAME. Non\-string parameters |
| |
(such as true/false settings) are expanded when read from the config file. If |
| |
a variable does not exist in the environment, or if a sequence of characters is |
| |
not a valid reference (such as an un\-paired percent sign), the raw characters |
| |
are passed through unchanged. This helps with backward compatibility and |
| |
safety (e.g. expanding a non\-existent %VAR% to an empty string in a path could |
| |
result in a very unsafe path). The safest way to insert a literal % into a |
| |
value is to use %%. |
| |
.PP |
| .IP "\fBmotd file\fP" |
.IP "\fBmotd file\fP" |
| This parameter allows you to specify a |
This parameter allows you to specify a |
| \(dq\&message of the day\(dq\& to display to clients on each connect. This |
\(dq\&message of the day\(dq\& to display to clients on each connect. This |
| usually contains site information and any legal notices. The default |
usually contains site information and any legal notices. The default |
| is no motd file. |
is no motd file. |
| |
This can be overridden by the \fB\-\-dparam=motdfile=FILE\fP |
| |
command\-line option when starting the daemon. |
| .IP |
.IP |
| .IP "\fBpid file\fP" |
.IP "\fBpid file\fP" |
| This parameter tells the rsync daemon to write |
This parameter tells the rsync daemon to write |
| its process ID to that file. If the file already exists, the rsync |
its process ID to that file. If the file already exists, the rsync |
| daemon will abort rather than overwrite the file. |
daemon will abort rather than overwrite the file. |
| |
This can be overridden by the \fB\-\-dparam=pidfile=FILE\fP |
| |
command\-line option when starting the daemon. |
| .IP |
.IP |
| .IP "\fBport\fP" |
.IP "\fBport\fP" |
| You can override the default port the daemon will listen on |
You can override the default port the daemon will listen on |
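Review bot: In the new environment-variable paragraph, the pass-through rule ("If a variable does not exist in the environment ... the raw characters are passed through unchanged") means a mistyped or unset name leaves a literal %VAR% in the value, and the text does not say whether the daemon logs anything when that happens. Suggest stating that explicitly, and listing which characters are valid in a variable name, since "not a valid reference" is illustrated only by the un-paired percent sign.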
|
Line 121 details on some of the options you may be able to set.
|
Line 138 details on some of the options you may be able to set.
|
| special socket options are set. These settings can also be specified |
special socket options are set. These settings can also be specified |
| via the \fB\-\-sockopts\fP command\-line option. |
via the \fB\-\-sockopts\fP command\-line option. |
| .IP |
.IP |
| |
.IP "\fBlisten backlog\fP" |
| |
You can override the default backlog value when the |
| |
daemon listens for connections. It defaults to 5. |
| |
.IP |
| .SH "MODULE PARAMETERS" |
.SH "MODULE PARAMETERS" |
| |
|
| .PP |
.PP |
|
Line 133 name contains whitespace, each internal sequence of wh
|
Line 154 name contains whitespace, each internal sequence of wh
|
| changed into a single space, while leading or trailing whitespace will be |
changed into a single space, while leading or trailing whitespace will be |
| discarded. |
discarded. |
| .PP |
.PP |
| |
As with GLOBAL PARAMETERS, you may use references to environment variables in |
| |
the values of parameters. See the GLOBAL PARAMETERS section for more details. |
| |
.PP |
| .IP "\fBcomment\fP" |
.IP "\fBcomment\fP" |
| This parameter specifies a description string |
This parameter specifies a description string |
| that is displayed next to the module name when clients obtain a list |
that is displayed next to the module name when clients obtain a list |
|
Line 143 This parameter specifies the directory in the daemon\(
|
Line 167 This parameter specifies the directory in the daemon\(
|
| filesystem to make available in this module. You must specify this parameter |
filesystem to make available in this module. You must specify this parameter |
| for each module in \f(CWrsyncd.conf\fP. |
for each module in \f(CWrsyncd.conf\fP. |
| .IP |
.IP |
| |
You may base the path\(cq\&s value off of an environment variable by surrounding |
| |
the variable name with percent signs. You can even reference a variable |
| |
that is set by rsync when the user connects. |
| |
For example, this would use the authorizing user\(cq\&s name in the path: |
| |
.IP |
| |
.nf |
| |
path = /home/%RSYNC_USER_NAME% |
| |
.fi |
| |
|
| |
.IP |
| It is fine if the path includes internal spaces \-\- they will be retained |
It is fine if the path includes internal spaces \-\- they will be retained |
| verbatim (which means that you shouldn\(cq\&t try to escape them). If your final |
verbatim (which means that you shouldn\(cq\&t try to escape them). If your final |
| directory has a trailing space (and this is somehow not something you wish to |
directory has a trailing space (and this is somehow not something you wish to |
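Review bot: The "path = /home/%RSYNC_USER_NAME%" example is missing its preconditions. The auth users text in this file says usernames need not exist on the local system and may be matched by wildcards, so the directory is named after whatever username the client authenticated with. Suggest adding a sentence that the module should set "auth users" to a restricted list, and stating what the path becomes when the module has no "auth users" and the variable is empty or unset.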
|
Line 223 resources.
|
Line 257 resources.
|
| .IP |
.IP |
| .IP "\fBmunge symlinks\fP" |
.IP "\fBmunge symlinks\fP" |
| This parameter tells rsync to modify |
This parameter tells rsync to modify |
| all incoming symlinks in a way that makes them unusable but recoverable | all symlinks in the same way as the (non\-daemon\-affecting) |
| (see below). This should help protect your files from user trickery when | \fB\-\-munge\-links\fP command\-line option (using a method described below). |
| | This should help protect your files from user trickery when |
| your daemon module is writable. The default is disabled when \(dq\&use chroot\(dq\& |
your daemon module is writable. The default is disabled when \(dq\&use chroot\(dq\& |
| is on and the inside\-chroot path is \(dq\&/\(dq\&, otherwise it is enabled. |
is on and the inside\-chroot path is \(dq\&/\(dq\&, otherwise it is enabled. |
| .IP |
.IP |
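Review bot: The rewritten first sentence of "munge symlinks" drops both "incoming" and "unusable but recoverable", so this paragraph no longer tells the reader what munging does or which symlinks it applies to, only that it matches --munge-links. Suggest keeping the short description alongside the cross-reference, and rewording "(non-daemon-affecting)", which can be read as saying the parameter itself does not affect the daemon.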
|
Line 299 If the daemon fails to open the specified file, it wil
|
Line 334 If the daemon fails to open the specified file, it wil
|
| using syslog and output an error about the failure. (Note that the |
using syslog and output an error about the failure. (Note that the |
| failure to open the specified log file used to be a fatal error.) |
failure to open the specified log file used to be a fatal error.) |
| .IP |
.IP |
| |
This setting can be overridden by using the \fB\-\-log\-file=FILE\fP or |
| |
\fB\-\-dparam=logfile=FILE\fP command\-line options. The former overrides |
| |
all the log\-file parameters of the daemon and all module settings. |
| |
The latter sets the daemon\(cq\&s log file and the default for all the |
| |
modules, which still allows modules to override the default setting. |
| |
.IP |
| .IP "\fBsyslog facility\fP" |
.IP "\fBsyslog facility\fP" |
| This parameter allows you to |
This parameter allows you to |
| specify the syslog facility name to use when logging messages from the |
specify the syslog facility name to use when logging messages from the |
|
Line 330 attempted uploads will fail. If \(dq\&read only\(dq\&
|
Line 371 attempted uploads will fail. If \(dq\&read only\(dq\&
|
| be possible if file permissions on the daemon side allow them. The default |
be possible if file permissions on the daemon side allow them. The default |
| is for all modules to be read only. |
is for all modules to be read only. |
| .IP |
.IP |
| |
Note that \(dq\&auth users\(dq\& can override this setting on a per\-user basis. |
| |
.IP |
| .IP "\fBwrite only\fP" |
.IP "\fBwrite only\fP" |
| This parameter determines whether clients |
This parameter determines whether clients |
| will be able to download files or not. If \(dq\&write only\(dq\& is true then any |
will be able to download files or not. If \(dq\&write only\(dq\& is true then any |
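Review bot: The sentence added under "read only" says "auth users" can override the setting but not in which direction. Per the auth users text later in this diff, a rule with ":rw" gives that user write access to a module marked read only; say so here, since that is the case an administrator auditing a read-only module needs to know about.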
|
Line 338 will be possible if file permissions on the daemon sid
|
Line 381 will be possible if file permissions on the daemon sid
|
| default is for this parameter to be disabled. |
default is for this parameter to be disabled. |
| .IP |
.IP |
| .IP "\fBlist\fP" |
.IP "\fBlist\fP" |
| This parameter determines if this module should be | This parameter determines whether this module is |
| listed when the client asks for a listing of available modules. By | listed when the client asks for a listing of available modules. In addition, |
| setting this to false you can create hidden modules. The default is | if this is false, the daemon will pretend the module does not exist |
| for modules to be listable. | when a client denied by \(dq\&hosts allow\(dq\& or \(dq\&hosts deny\(dq\& attempts to access it. |
| | Realize that if \(dq\&reverse lookup\(dq\& is disabled globally but enabled for the |
| | module, the resulting reverse lookup to a potentially client\-controlled DNS |
| | server may still reveal to the client that it hit an existing module. |
| | The default is for modules to be listable. |
| .IP |
.IP |
| .IP "\fBuid\fP" |
.IP "\fBuid\fP" |
| This parameter specifies the user name or user ID that |
This parameter specifies the user name or user ID that |
| file transfers to and from that module should take place as when the daemon |
file transfers to and from that module should take place as when the daemon |
| was run as root. In combination with the \(dq\&gid\(dq\& parameter this determines what |
was run as root. In combination with the \(dq\&gid\(dq\& parameter this determines what |
| file permissions are available. The default is uid \-2, which is normally | file permissions are available. The default when run by a super\-user is to |
| the user \(dq\&nobody\(dq\&. | switch to the system\(cq\&s \(dq\&nobody\(dq\& user. The default for a non\-super\-user is to |
| | not try to change the user. See also the \(dq\&gid\(dq\& parameter. |
| .IP |
.IP |
| |
The RSYNC_USER_NAME environment variable may be used to request that rsync run |
| |
as the authorizing user. For example, if you want a rsync to run as the same |
| |
user that was received for the rsync authentication, this setup is useful: |
| |
.IP |
| |
.nf |
| |
uid = %RSYNC_USER_NAME% |
| |
gid = * |
| |
.fi |
| |
|
| |
.IP |
| .IP "\fBgid\fP" |
.IP "\fBgid\fP" |
| This parameter specifies the group name or group ID that | This parameter specifies one or more group names/IDs that will be |
| file transfers to and from that module should take place as when the daemon | used when accessing the module. The first one will be the default group, and |
| was run as root. This complements the \(dq\&uid\(dq\& parameter. The default is gid \-2, | any extra ones be set as supplemental groups. You may also specify a \(dq\&*\(dq\& as |
| which is normally the group \(dq\&nobody\(dq\&. | the first gid in the list, which will be replaced by all the normal groups for |
| | the transfer\(cq\&s user (see \(dq\&uid\(dq\&). The default when run by a super\-user is to |
| | switch to your OS\(cq\&s \(dq\&nobody\(dq\& (or perhaps \(dq\&nogroup\(dq\&) group with no other |
| | supplementary groups. The default for a non\-super\-user is to not change any |
| | group attributes (and indeed, your OS may not allow a non\-super\-user to try to |
| | change their group settings). |
| .IP |
.IP |
| .IP "\fBfake super\fP" |
.IP "\fBfake super\fP" |
| Setting \(dq\&fake super = yes\(dq\& for a module causes the |
Setting \(dq\&fake super = yes\(dq\& for a module causes the |
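Review bot: The "uid = %RSYNC_USER_NAME%" / "gid = *" example does not say what happens when the authenticated name is not a local account, although the auth users text states that usernames "do not need to exist on the local system". It also omits that the setting only matters when the daemon runs as a super-user (the new default text says a non-super-user does not try to change the user). Suggest stating both, and noting that the transfer then runs with that account's normal groups, so "auth users" should be limited to the accounts intended. Wording: "if you want a rsync to run" should be "if you want rsync to run", and "any extra ones be set as supplemental groups" is missing "will".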
|
Line 438 See the description of the \fB\-\-chmod\fP rsync optio
|
Line 501 See the description of the \fB\-\-chmod\fP rsync optio
|
| manpage for information on the format of this string. |
manpage for information on the format of this string. |
| .IP |
.IP |
| .IP "\fBauth users\fP" |
.IP "\fBauth users\fP" |
| This parameter specifies a comma and | This parameter specifies a comma and/or space\-separated |
| space\-separated list of usernames that will be allowed to connect to | list of authorization rules. In its simplest form, you list the usernames |
| | that will be allowed to connect to |
| this module. The usernames do not need to exist on the local |
this module. The usernames do not need to exist on the local |
| system. The usernames may also contain shell wildcard characters. If | system. The rules may contain shell wildcard characters that will be matched |
| | against the username provided by the client for authentication. If |
| \(dq\&auth users\(dq\& is set then the client will be challenged to supply a |
\(dq\&auth users\(dq\& is set then the client will be challenged to supply a |
| username and password to connect to the module. A challenge response |
username and password to connect to the module. A challenge response |
| authentication protocol is used for this exchange. The plain text |
authentication protocol is used for this exchange. The plain text |
|
Line 449 usernames and passwords are stored in the file specifi
|
Line 514 usernames and passwords are stored in the file specifi
|
| \(dq\&secrets file\(dq\& parameter. The default is for all users to be able to |
\(dq\&secrets file\(dq\& parameter. The default is for all users to be able to |
| connect without a password (this is called \(dq\&anonymous rsync\(dq\&). |
connect without a password (this is called \(dq\&anonymous rsync\(dq\&). |
| .IP |
.IP |
| |
In addition to username matching, you can specify groupname matching via a \(cq\&@\(cq\& |
| |
prefix. When using groupname matching, the authenticating username must be a |
| |
real user on the system, or it will be assumed to be a member of no groups. |
| |
For example, specifying \(dq\&@rsync\(dq\& will match the authenticating user if the |
| |
named user is a member of the rsync group. |
| |
.IP |
| |
Finally, options may be specified after a colon (:). The options allow you to |
| |
\(dq\&deny\(dq\& a user or a group, set the access to \(dq\&ro\(dq\& (read\-only), or set the access |
| |
to \(dq\&rw\(dq\& (read/write). Setting an auth\-rule\-specific ro/rw setting overrides |
| |
the module\(cq\&s \(dq\&read only\(dq\& setting. |
| |
.IP |
| |
Be sure to put the rules in the order you want them to be matched, because the |
| |
checking stops at the first matching user or group, and that is the only auth |
| |
that is checked. For example: |
| |
.IP |
| |
.nf |
| |
auth users = joe:deny @guest:deny admin:rw @rsync:ro susan joe sam |
| |
.fi |
| |
|
| |
.IP |
| |
In the above rule, user joe will be denied access no matter what. Any user |
| |
that is in the group \(dq\&guest\(dq\& is also denied access. The user \(dq\&admin\(dq\& gets |
| |
access in read/write mode, but only if the admin user is not in group \(dq\&guest\(dq\& |
| |
(because the admin user\-matching rule would never be reached if the user is in |
| |
group \(dq\&guest\(dq\&). Any other user who is in group \(dq\&rsync\(dq\& will get read\-only |
| |
access. Finally, users susan, joe, and sam get the ro/rw setting of the |
| |
module, but only if the user didn\(cq\&t match an earlier group\-matching rule. |
| |
.IP |
| |
See the description of the secrets file for how you can have per\-user passwords |
| |
as well as per\-group passwords. It also explains how a user can authenticate |
| |
using their user password or (when applicable) a group password, depending on |
| |
what rule is being authenticated. |
| |
.IP |
| See also the section entitled \(dq\&USING RSYNC\-DAEMON FEATURES VIA A REMOTE |
See also the section entitled \(dq\&USING RSYNC\-DAEMON FEATURES VIA A REMOTE |
| SHELL CONNECTION\(dq\& in \fBrsync\fP(1) for information on how handle an |
SHELL CONNECTION\(dq\& in \fBrsync\fP(1) for information on how handle an |
| rsyncd.conf\-level username that differs from the remote\-shell\-level |
rsyncd.conf\-level username that differs from the remote\-shell\-level |
| username when using a remote shell to connect to an rsync daemon. |
username when using a remote shell to connect to an rsync daemon. |
| .IP |
.IP |
| .IP "\fBsecrets file\fP" |
.IP "\fBsecrets file\fP" |
| This parameter specifies the name of | This parameter specifies the name of a file that contains |
| a file that contains the username:password pairs used for | the username:password and/or @groupname:password pairs used for authenticating |
| authenticating this module. This file is only consulted if the \(dq\&auth | this module. This file is only consulted if the \(dq\&auth users\(dq\& parameter is |
| users\(dq\& parameter is specified. The file is line based and contains | specified. The file is line\-based and contains one name:password pair per |
| username:password pairs separated by a single colon. Any line starting | line. Any line has a hash (#) as the very first character on the line is |
| with a hash (#) is considered a comment and is skipped. The passwords | considered a comment and is skipped. The passwords can contain any characters |
| can contain any characters but be warned that many operating systems | but be warned that many operating systems limit the length of passwords that |
| limit the length of passwords that can be typed at the client end, so | can be typed at the client end, so you may find that passwords longer than 8 |
| you may find that passwords longer than 8 characters don\(cq\&t work. | characters don\(cq\&t work. |
| .IP |
.IP |
| |
The use of group\-specific lines are only relevant when the module is being |
| |
authorized using a matching \(dq\&@groupname\(dq\& rule. When that happens, the user |
| |
can be authorized via either their \(dq\&username:password\(dq\& line or the |
| |
\(dq\&@groupname:password\(dq\& line for the group that triggered the authentication. |
| |
.IP |
| |
It is up to you what kind of password entries you want to include, either |
| |
users, groups, or both. The use of group rules in \(dq\&auth users\(dq\& does not |
| |
require that you specify a group password if you do not want to use shared |
| |
passwords. |
| |
.IP |
| There is no default for the \(dq\&secrets file\(dq\& parameter, you must choose a name |
There is no default for the \(dq\&secrets file\(dq\& parameter, you must choose a name |
| (such as \f(CW/etc/rsyncd.secrets\fP). The file must normally not be readable |
(such as \f(CW/etc/rsyncd.secrets\fP). The file must normally not be readable |
| by \(dq\&other\(dq\&; see \(dq\&strict modes\(dq\&. | by \(dq\&other\(dq\&; see \(dq\&strict modes\(dq\&. If the file is not found or is rejected, no |
| | logins for a \(dq\&user auth\(dq\& module will be possible. |
| .IP |
.IP |
| .IP "\fBstrict modes\fP" |
.IP "\fBstrict modes\fP" |
| This parameter determines whether or not |
This parameter determines whether or not |
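Review bot: In the auth users example, "joe" appears twice (joe:deny first, plain joe near the end), and the explanation then says "users susan, joe, and sam get the ro/rw setting of the module". That contradicts the first-match rule stated just above, because joe is always stopped by joe:deny. Either drop the trailing joe from both the example and the explanation, or say explicitly that it is unreachable and is there to illustrate ordering. In the secrets file text, "a user auth module" should read "auth users", and "Any line has a hash (#) as the very first character" is missing "that".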
|
Line 500 IP address and maskaddr is the netmask in dotted decim
|
Line 609 IP address and maskaddr is the netmask in dotted decim
|
| or similar for IPv6, e.g. ffff:ffff:ffff:ffff:: instead of /64. All IP |
or similar for IPv6, e.g. ffff:ffff:ffff:ffff:: instead of /64. All IP |
| addresses which match the masked IP address will be allowed in. |
addresses which match the masked IP address will be allowed in. |
| .IP o |
.IP o |
| a hostname. The hostname as determined by a reverse lookup will | a hostname pattern using wildcards. If the hostname of the connecting IP |
| be matched (case insensitive) against the pattern. Only an exact | (as determined by a reverse lookup) matches the wildcarded name (using the |
| match is allowed in. | same rules as normal unix filename matching), the client is allowed in. This |
| | only works if \(dq\&reverse lookup\(dq\& is enabled (the default). |
| .IP o |
.IP o |
| a hostname pattern using wildcards. These are matched using the | a hostname. A plain hostname is matched against the reverse DNS of the |
| same rules as normal unix filename matching. If the pattern matches | connecting IP (if \(dq\&reverse lookup\(dq\& is enabled), and/or the IP of the given |
| then the client is allowed in. | hostname is matched against the connecting IP (if \(dq\&forward lookup\(dq\& is |
| | enabled, as it is by default). Any match will be allowed in. |
| .RE |
.RE |
| |
|
| .IP |
.IP |
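Review bot: Both hostname bullets in "hosts allow" now rely on the reverse DNS of the connecting IP, which the new "list" text in this same diff describes as coming from a "potentially client-controlled DNS server", yet the bullets do not say whether a name obtained by reverse lookup is confirmed by a forward lookup before it is accepted. Please state that, and recommend address or address/mask entries where the reverse name cannot be trusted.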
|
Line 540 rejected. See the \(dq\&hosts allow\(dq\& parameter fo
|
Line 651 rejected. See the \(dq\&hosts allow\(dq\& parameter fo
|
| .IP |
.IP |
| The default is no \(dq\&hosts deny\(dq\& parameter, which means all hosts can connect. |
The default is no \(dq\&hosts deny\(dq\& parameter, which means all hosts can connect. |
| .IP |
.IP |
| |
.IP "\fBreverse lookup\fP" |
| |
Controls whether the daemon performs a reverse lookup |
| |
on the client\(cq\&s IP address to determine its hostname, which is used for |
| |
\(dq\&hosts allow\(dq\&/\(dq\&hosts deny\(dq\& checks and the \(dq\&%h\(dq\& log escape. This is enabled by |
| |
default, but you may wish to disable it to save time if you know the lookup will |
| |
not return a useful result, in which case the daemon will use the name |
| |
\(dq\&UNDETERMINED\(dq\& instead. |
| |
.IP |
| |
If this parameter is enabled globally (even by default), rsync performs the |
| |
lookup as soon as a client connects, so disabling it for a module will not |
| |
avoid the lookup. Thus, you probably want to disable it globally and then |
| |
enable it for modules that need the information. |
| |
.IP |
| |
.IP "\fBforward lookup\fP" |
| |
Controls whether the daemon performs a forward lookup |
| |
on any hostname specified in an hosts allow/deny setting. By default this is |
| |
enabled, allowing the use of an explicit hostname that would not be returned |
| |
by reverse DNS of the connecting IP. |
| |
.IP |
| .IP "\fBignore errors\fP" |
.IP "\fBignore errors\fP" |
| This parameter tells rsyncd to |
This parameter tells rsyncd to |
| ignore I/O errors on the daemon when deciding whether to run the delete |
ignore I/O errors on the daemon when deciding whether to run the delete |
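Review bot: The "reverse lookup" text says the daemon uses the name "UNDETERMINED" when the lookup is disabled, but it does not spell out the consequence for access control. The hosts allow text says wildcard hostname patterns only work with reverse lookup enabled, so the paragraph should say whether hostname patterns in "hosts allow" and "hosts deny" simply stop matching in that case, and warn that a deny rule written as a hostname pattern needs the lookup enabled. In "forward lookup", "an hosts allow/deny setting" should be "a hosts allow/deny setting".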
|
Line 570 The format is a text string containing embedded single
|
Line 700 The format is a text string containing embedded single
|
| sequences prefixed with a percent (%) character. An optional numeric |
sequences prefixed with a percent (%) character. An optional numeric |
| field width may also be specified between the percent and the escape |
field width may also be specified between the percent and the escape |
| letter (e.g. \(dq\&\fB%\-50n %8l %07p\fP\(dq\&). |
letter (e.g. \(dq\&\fB%\-50n %8l %07p\fP\(dq\&). |
| |
In addition, one or more apostrophes may be specified prior to a numerical |
| |
escape to indicate that the numerical value should be made more human\-readable. |
| |
The 3 supported levels are the same as for the \fB\-\-human\-readable\fP |
| |
command\-line option, though the default is for human\-readability to be off. |
| |
Each added apostrophe increases the level (e.g. \(dq\&\fB%'\&'\&l %'\&b %f\fP\(dq\&). |
| .IP |
.IP |
| The default log format is \(dq\&%o %h [%a] %m (%u) %f %l\(dq\&, and a \(dq\&%t [%p] \(dq\& |
The default log format is \(dq\&%o %h [%a] %m (%u) %f %l\(dq\&, and a \(dq\&%t [%p] \(dq\& |
| is always prefixed when using the \(dq\&log file\(dq\& parameter. |
is always prefixed when using the \(dq\&log file\(dq\& parameter. |
|
Line 581 The single\-character escapes that are understood are
|
Line 716 The single\-character escapes that are understood are
|
| .IP |
.IP |
| .RS |
.RS |
| .IP o |
.IP o |
| %a the remote IP address | %a the remote IP address (only available for a daemon) |
| .IP o |
.IP o |
| %b the number of bytes actually transferred |
%b the number of bytes actually transferred |
| .IP o |
.IP o |
|
Line 589 The single\-character escapes that are understood are
|
Line 724 The single\-character escapes that are understood are
|
| .IP o |
.IP o |
| %c the total size of the block checksums received for the basis file (only when sending) |
%c the total size of the block checksums received for the basis file (only when sending) |
| .IP o |
.IP o |
| |
%C the full\-file MD5 checksum if \fB\-\-checksum\fP is enabled or a file was transferred (only for protocol 30 or above). |
| |
.IP o |
| %f the filename (long form on sender; no trailing \(dq\&/\(dq\&) |
%f the filename (long form on sender; no trailing \(dq\&/\(dq\&) |
| .IP o |
.IP o |
| %G the gid of the file (decimal) or \(dq\&DEFAULT\(dq\& |
%G the gid of the file (decimal) or \(dq\&DEFAULT\(dq\& |
| .IP o |
.IP o |
| %h the remote host name | %h the remote host name (only available for a daemon) |
| .IP o |
.IP o |
| %i an itemized list of what is being updated |
%i an itemized list of what is being updated |
| .IP o |
.IP o |
|
Line 684 the sender.
|
Line 821 the sender.
|
| .IP "\fBpre\-xfer exec\fP, \fBpost\-xfer exec\fP" |
.IP "\fBpre\-xfer exec\fP, \fBpost\-xfer exec\fP" |
| You may specify a command to be run |
You may specify a command to be run |
| before and/or after the transfer. If the \fBpre\-xfer exec\fP command fails, the |
before and/or after the transfer. If the \fBpre\-xfer exec\fP command fails, the |
| transfer is aborted before it begins. | transfer is aborted before it begins. Any output from the script on stdout (up |
| | to several KB) will be displayed to the user when aborting, but is NOT |
| | displayed if the script returns success. Any output from the script on stderr |
| | goes to the daemon\(cq\&s stderr, which is typically discarded (though see |
| | \-\-no\-detatch option for a way to see the stderr output, which can assist with |
| | debugging). |
| .IP |
.IP |
| The following environment variables will be set, though some are |
The following environment variables will be set, though some are |
| specific to the pre\-xfer or the post\-xfer environment: |
specific to the pre\-xfer or the post\-xfer environment: |
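Review bot: The option is spelled "--no-detatch" in the added pre-xfer exec text. The rsync option is --no-detach, and it should be set in bold like the other option references in this file. Since stdout from a failing script is shown to the connecting user, a sentence advising that the script keep internal details (paths, hostnames, error traces) on stderr would also fit here.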
|
Line 704 specific to the pre\-xfer or the post\-xfer environmen
|
Line 846 specific to the pre\-xfer or the post\-xfer environmen
|
| \fBRSYNC_PID\fP: A unique number for this transfer. |
\fBRSYNC_PID\fP: A unique number for this transfer. |
| .IP o |
.IP o |
| \fBRSYNC_REQUEST\fP: (pre\-xfer only) The module/path info specified |
\fBRSYNC_REQUEST\fP: (pre\-xfer only) The module/path info specified |
| by the user (note that the user can specify multiple source files, | by the user. Note that the user can specify multiple source files, |
| so the request can be something like \(dq\&mod/path1 mod/path2\(dq\&, etc.). | so the request can be something like \(dq\&mod/path1 mod/path2\(dq\&, etc. |
| .IP o |
.IP o |
| \fBRSYNC_ARG#\fP: (pre\-xfer only) The pre\-request arguments are set |
\fBRSYNC_ARG#\fP: (pre\-xfer only) The pre\-request arguments are set |
| in these numbered values. RSYNC_ARG0 is always \(dq\&rsyncd\(dq\&, and the last | in these numbered values. RSYNC_ARG0 is always \(dq\&rsyncd\(dq\&, followed by |
| value contains a single period. | the options that were used in RSYNC_ARG1, and so on. There will be a |
| | value of \(dq\&.\(dq\& indicating that the options are done and the path args |
| | are beginning \-\- these contain similar information to RSYNC_REQUEST, |
| | but with values separated and the module name stripped off. |
| .IP o |
.IP o |
| \fBRSYNC_EXIT_STATUS\fP: (post\-xfer only) the server side\(cq\&s exit value. |
\fBRSYNC_EXIT_STATUS\fP: (post\-xfer only) the server side\(cq\&s exit value. |
| This will be 0 for a successful run, a positive value for an error that the |
This will be 0 for a successful run, a positive value for an error that the |
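Review bot: RSYNC_REQUEST and the RSYNC_ARG# values are described as coming from the user ("specified by the user", "the options that were used"), and the text further down states that the exec commands run with the permissions of the user that started the daemon and without chroot restrictions. The rewritten entries should say that these variables are client-controlled and must be quoted and validated by the script before they are used in a command line or path. Also, "followed by the options that were used in RSYNC_ARG1, and so on" reads as if all options are in RSYNC_ARG1; suggest "with the options in RSYNC_ARG1, RSYNC_ARG2, and so on".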
|
Line 727 Even though the commands can be associated with a part
|
Line 872 Even though the commands can be associated with a part
|
| are run using the permissions of the user that started the daemon (not the |
are run using the permissions of the user that started the daemon (not the |
| module\(cq\&s uid/gid setting) without any chroot restrictions. |
module\(cq\&s uid/gid setting) without any chroot restrictions. |
| .IP |
.IP |
| |
.SH "CONFIG DIRECTIVES" |
| |
|
| |
.PP |
| |
There are currently two config directives available that allow a config file to |
| |
incorporate the contents of other files: \fB&include\fP and \fB&merge\fP. Both |
| |
allow a reference to either a file or a directory. They differ in how |
| |
segregated the file\(cq\&s contents are considered to be. |
| |
.PP |
| |
The \fB&include\fP directive treats each file as more distinct, with each one |
| |
inheriting the defaults of the parent file, starting the parameter parsing |
| |
as globals/defaults, and leaving the defaults unchanged for the parsing of |
| |
the rest of the parent file. |
| |
.PP |
| |
The \fB&merge\fP directive, on the other hand, treats the file\(cq\&s contents as |
| |
if it were simply inserted in place of the directive, and thus it can set |
| |
parameters in a module started in another file, can affect the defaults for |
| |
other files, etc. |
| |
.PP |
| |
When an \fB&include\fP or \fB&merge\fP directive refers to a directory, it will read |
| |
in all the \fB*.conf\fP or \fB*.inc\fP files (respectively) that are contained inside |
| |
that directory (without any |
| |
recursive scanning), with the files sorted into alpha order. So, if you have a |
| |
directory named \(dq\&rsyncd.d\(dq\& with the files \(dq\&foo.conf\(dq\&, \(dq\&bar.conf\(dq\&, and |
| |
\(dq\&baz.conf\(dq\& inside it, this directive: |
| |
.PP |
| |
.nf |
| |
&include /path/rsyncd.d |
| |
.fi |
| |
|
| |
.PP |
| |
would be the same as this set of directives: |
| |
.PP |
| |
.nf |
| |
&include /path/rsyncd.d/bar.conf |
| |
&include /path/rsyncd.d/baz.conf |
| |
&include /path/rsyncd.d/foo.conf |
| |
.fi |
| |
|
| |
.PP |
| |
except that it adjusts as files are added and removed from the directory. |
| |
.PP |
| |
The advantage of the \fB&include\fP directive is that you can define one or more |
| |
modules in a separate file without worrying about unintended side\-effects |
| |
between the self\-contained module files. |
| |
.PP |
| |
The advantage of the \fB&merge\fP directive is that you can load config snippets |
| |
that can be included into multiple module definitions, and you can also set |
| |
global values that will affect connections (such as \fBmotd file\fP), or globals |
| |
that will affect other include files. |
| |
.PP |
| |
For example, this is a useful /etc/rsyncd.conf file: |
| |
.PP |
| |
.nf |
| |
port = 873 |
| |
log file = /var/log/rsync.log |
| |
pid file = /var/lock/rsync.lock |
| |
|
| |
&merge /etc/rsyncd.d |
| |
&include /etc/rsyncd.d |
| |
.fi |
| |
|
| |
.PP |
| |
This would merge any /etc/rsyncd.d/*.inc files (for global values that should |
| |
stay in effect), and then include any /etc/rsyncd.d/*.conf files (defining |
| |
modules without any global\-value cross\-talk). |
| |
.PP |
| .SH "AUTHENTICATION STRENGTH" |
.SH "AUTHENTICATION STRENGTH" |
| |
|
| .PP |
.PP |
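Review bot: The directory form of &include and &merge reads every *.conf or *.inc file in the directory and "adjusts as files are added and removed", so write access to /etc/rsyncd.d amounts to write access to rsyncd.conf, yet the new CONFIG DIRECTIVES section says nothing about ownership or permissions of the directory and its files. Suggest a sentence stating that they should be writable only by the account that administers the daemon. The section should also say when the directory is re-read (at daemon start or per connection), since "adjusts as files are added and removed" does not make that clear.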
|
Line 828 http://rsync.samba.org/
|
Line 1039 http://rsync.samba.org/
|
| .SH "VERSION" |
.SH "VERSION" |
| |
|
| .PP |
.PP |
| This man page is current for version 3.0.9 of rsync. | This man page is current for version 3.1.0 of rsync. |
| .PP |
.PP |
| .SH "CREDITS" |
.SH "CREDITS" |
| |
|
| .PP |
.PP |
| rsync is distributed under the GNU public license. See the file | rsync is distributed under the GNU General Public License. See the file |
| COPYING for details. |
COPYING for details. |
| .PP |
.PP |
| The primary ftp site for rsync is |
The primary ftp site for rsync is |