Annotation of embedaddon/rsync/rsyncd.conf.5, revision 1.1.1.1
1.1 misho 1: .TH "rsyncd.conf" "5" "23 Sep 2011" "" ""
2: .SH "NAME"
3: rsyncd.conf \- configuration file for rsync in daemon mode
4: .SH "SYNOPSIS"
5:
6: .PP
7: rsyncd.conf
8: .PP
9: .SH "DESCRIPTION"
10:
11: .PP
12: The rsyncd.conf file is the runtime configuration file for rsync when
13: run as an rsync daemon.
14: .PP
15: The rsyncd.conf file controls authentication, access, logging and
16: available modules.
17: .PP
18: .SH "FILE FORMAT"
19:
20: .PP
21: The file consists of modules and parameters. A module begins with the
22: name of the module in square brackets and continues until the next
23: module begins. Modules contain parameters of the form \(dq\&name = value\(dq\&.
24: .PP
25: The file is line\-based \-\- that is, each newline\-terminated line represents
26: either a comment, a module name or a parameter.
27: .PP
28: Only the first equals sign in a parameter is significant. Whitespace before
29: or after the first equals sign is discarded. Leading, trailing and internal
30: whitespace in module and parameter names is irrelevant. Leading and
31: trailing whitespace in a parameter value is discarded. Internal whitespace
32: within a parameter value is retained verbatim.
33: .PP
34: Any line beginning with a hash (#) is ignored, as are lines containing
35: only whitespace.
36: .PP
37: Any line ending in a \e is \(dq\&continued\(dq\& on the next line in the
38: customary UNIX fashion.
39: .PP
40: The values following the equals sign in parameters are all either a string
41: (no quotes needed) or a boolean, which may be given as yes/no, 0/1 or
42: true/false. Case is not significant in boolean values, but is preserved
43: in string values.
44: .PP
45: .SH "LAUNCHING THE RSYNC DAEMON"
46:
47: .PP
48: The rsync daemon is launched by specifying the \fB\-\-daemon\fP option to
49: rsync.
50: .PP
51: The daemon must run with root privileges if you wish to use chroot, to
52: bind to a port numbered under 1024 (as is the default 873), or to set
53: file ownership. Otherwise, it must just have permission to read and
54: write the appropriate data, log, and lock files.
55: .PP
56: You can launch it either via inetd, as a stand\-alone daemon, or from
57: an rsync client via a remote shell. If run as a stand\-alone daemon then
58: just run the command \(dq\&\fBrsync \-\-daemon\fP\(dq\& from a suitable startup script.
59: .PP
60: When run via inetd you should add a line like this to /etc/services:
61: .PP
62: .nf
63: rsync 873/tcp
64: .fi
65:
66: .PP
67: and a single line something like this to /etc/inetd.conf:
68: .PP
69: .nf
70: rsync stream tcp nowait root /usr/bin/rsync rsyncd \-\-daemon
71: .fi
72:
73: .PP
74: Replace \(dq\&/usr/bin/rsync\(dq\& with the path to where you have rsync installed on
75: your system. You will then need to send inetd a HUP signal to tell it to
76: reread its config file.
77: .PP
78: Note that you should \fBnot\fP send the rsync daemon a HUP signal to force
79: it to reread the \f(CWrsyncd.conf\fP file. The file is re\-read on each client
80: connection.
81: .PP
82: .SH "GLOBAL PARAMETERS"
83:
84: .PP
85: The first parameters in the file (before a [module] header) are the
86: global parameters.
87: .PP
88: You may also include any module parameters in the global part of the
89: config file in which case the supplied value will override the
90: default for that parameter.
91: .PP
92: .IP "\fBmotd file\fP"
93: This parameter allows you to specify a
94: \(dq\&message of the day\(dq\& to display to clients on each connect. This
95: usually contains site information and any legal notices. The default
96: is no motd file.
97: .IP
98: .IP "\fBpid file\fP"
99: This parameter tells the rsync daemon to write
100: its process ID to that file. If the file already exists, the rsync
101: daemon will abort rather than overwrite the file.
102: .IP
103: .IP "\fBport\fP"
104: You can override the default port the daemon will listen on
105: by specifying this value (defaults to 873). This is ignored if the daemon
106: is being run by inetd, and is superseded by the \fB\-\-port\fP command\-line option.
107: .IP
108: .IP "\fBaddress\fP"
109: You can override the default IP address the daemon
110: will listen on by specifying this value. This is ignored if the daemon is
111: being run by inetd, and is superseded by the \fB\-\-address\fP command\-line option.
112: .IP
113: .IP "\fBsocket options\fP"
114: This parameter can provide endless fun for people
115: who like to tune their systems to the utmost degree. You can set all
116: sorts of socket options which may make transfers faster (or
117: slower!). Read the man page for the
118: \f(CWsetsockopt()\fP
119: system call for
120: details on some of the options you may be able to set. By default no
121: special socket options are set. These settings can also be specified
122: via the \fB\-\-sockopts\fP command\-line option.
123: .IP
124: .SH "MODULE PARAMETERS"
125:
126: .PP
127: After the global parameters you should define a number of modules, each
128: module exports a directory tree as a symbolic name. Modules are
129: exported by specifying a module name in square brackets [module]
130: followed by the parameters for that module.
131: The module name cannot contain a slash or a closing square bracket. If the
132: name contains whitespace, each internal sequence of whitespace will be
133: changed into a single space, while leading or trailing whitespace will be
134: discarded.
135: .PP
136: .IP "\fBcomment\fP"
137: This parameter specifies a description string
138: that is displayed next to the module name when clients obtain a list
139: of available modules. The default is no comment.
140: .IP
141: .IP "\fBpath\fP"
142: This parameter specifies the directory in the daemon\(cq\&s
143: filesystem to make available in this module. You must specify this parameter
144: for each module in \f(CWrsyncd.conf\fP.
145: .IP
146: It is fine if the path includes internal spaces \-\- they will be retained
147: verbatim (which means that you shouldn\(cq\&t try to escape them). If your final
148: directory has a trailing space (and this is somehow not something you wish to
149: fix), append a trailing slash to the path to avoid losing the trailing
150: whitespace.
151: .IP
152: .IP "\fBuse chroot\fP"
153: If \(dq\&use chroot\(dq\& is true, the rsync daemon will chroot
154: to the \(dq\&path\(dq\& before starting the file transfer with the client. This has
155: the advantage of extra protection against possible implementation security
156: holes, but it has the disadvantages of requiring super\-user privileges,
157: of not being able to follow symbolic links that are either absolute or outside
158: of the new root path, and of complicating the preservation of users and groups
159: by name (see below).
160: .IP
161: As an additional safety feature, you can specify a dot\-dir in the module\(cq\&s
162: \(dq\&path\(dq\& to indicate the point where the chroot should occur. This allows rsync
163: to run in a chroot with a non\-\(dq\&/\(dq\& path for the top of the transfer hierarchy.
164: Doing this guards against unintended library loading (since those absolute
165: paths will not be inside the transfer hierarchy unless you have used an unwise
166: pathname), and lets you setup libraries for the chroot that are outside of the
167: transfer. For example, specifying \(dq\&/var/rsync/./module1\(dq\& will chroot to the
168: \(dq\&/var/rsync\(dq\& directory and set the inside\-chroot path to \(dq\&/module1\(dq\&. If you
169: had omitted the dot\-dir, the chroot would have used the whole path, and the
170: inside\-chroot path would have been \(dq\&/\(dq\&.
171: .IP
172: When \(dq\&use chroot\(dq\& is false or the inside\-chroot path is not \(dq\&/\(dq\&, rsync will:
173: (1) munge symlinks by
174: default for security reasons (see \(dq\&munge symlinks\(dq\& for a way to turn this
175: off, but only if you trust your users), (2) substitute leading slashes in
176: absolute paths with the module\(cq\&s path (so that options such as
177: \fB\-\-backup\-dir\fP, \fB\-\-compare\-dest\fP, etc. interpret an absolute path as
178: rooted in the module\(cq\&s \(dq\&path\(dq\& dir), and (3) trim \(dq\&..\(dq\& path elements from
179: args if rsync believes they would escape the module hierarchy.
180: The default for \(dq\&use chroot\(dq\& is true, and is the safer choice (especially
181: if the module is not read\-only).
182: .IP
183: When this parameter is enabled, rsync will not attempt to map users and groups
184: by name (by default), but instead copy IDs as though \fB\-\-numeric\-ids\fP had
185: been specified. In order to enable name\-mapping, rsync needs to be able to
186: use the standard library functions for looking up names and IDs (i.e.
187: \f(CWgetpwuid()\fP
188: ,
189: \f(CWgetgrgid()\fP
190: ,
191: \f(CWgetpwname()\fP
192: , and
193: \f(CWgetgrnam()\fP
194: ).
195: This means the rsync
196: process in the chroot hierarchy will need to have access to the resources
197: used by these library functions (traditionally /etc/passwd and
198: /etc/group, but perhaps additional dynamic libraries as well).
199: .IP
200: If you copy the necessary resources into the module\(cq\&s chroot area, you
201: should protect them through your OS\(cq\&s normal user/group or ACL settings (to
202: prevent the rsync module\(cq\&s user from being able to change them), and then
203: hide them from the user\(cq\&s view via \(dq\&exclude\(dq\& (see how in the discussion of
204: that parameter). At that point it will be safe to enable the mapping of users
205: and groups by name using the \(dq\&numeric ids\(dq\& daemon parameter (see below).
206: .IP
207: Note also that you are free to setup custom user/group information in the
208: chroot area that is different from your normal system. For example, you
209: could abbreviate the list of users and groups.
210: .IP
211: .IP "\fBnumeric ids\fP"
212: Enabling this parameter disables the mapping
213: of users and groups by name for the current daemon module. This prevents
214: the daemon from trying to load any user/group\-related files or libraries.
215: This enabling makes the transfer behave as if the client had passed
216: the \fB\-\-numeric\-ids\fP command\-line option. By default, this parameter is
217: enabled for chroot modules and disabled for non\-chroot modules.
218: .IP
219: A chroot\-enabled module should not have this parameter enabled unless you\(cq\&ve
220: taken steps to ensure that the module has the necessary resources it needs
221: to translate names, and that it is not possible for a user to change those
222: resources.
223: .IP
224: .IP "\fBmunge symlinks\fP"
225: This parameter tells rsync to modify
226: all incoming symlinks in a way that makes them unusable but recoverable
227: (see below). This should help protect your files from user trickery when
228: your daemon module is writable. The default is disabled when \(dq\&use chroot\(dq\&
229: is on and the inside\-chroot path is \(dq\&/\(dq\&, otherwise it is enabled.
230: .IP
231: If you disable this parameter on a daemon that is not read\-only, there
232: are tricks that a user can play with uploaded symlinks to access
233: daemon\-excluded items (if your module has any), and, if \(dq\&use chroot\(dq\&
234: is off, rsync can even be tricked into showing or changing data that
235: is outside the module\(cq\&s path (as access\-permissions allow).
236: .IP
237: The way rsync disables the use of symlinks is to prefix each one with
238: the string \(dq\&/rsyncd\-munged/\(dq\&. This prevents the links from being used
239: as long as that directory does not exist. When this parameter is enabled,
240: rsync will refuse to run if that path is a directory or a symlink to
241: a directory. When using the \(dq\&munge symlinks\(dq\& parameter in a chroot area
242: that has an inside\-chroot path of \(dq\&/\(dq\&, you should add \(dq\&/rsyncd\-munged/\(dq\&
243: to the exclude setting for the module so that
244: a user can\(cq\&t try to create it.
245: .IP
246: Note: rsync makes no attempt to verify that any pre\-existing symlinks in
247: the module\(cq\&s hierarchy are as safe as you want them to be (unless, of
248: course, it just copied in the whole hierarchy). If you setup an rsync
249: daemon on a new area or locally add symlinks, you can manually protect your
250: symlinks from being abused by prefixing \(dq\&/rsyncd\-munged/\(dq\& to the start of
251: every symlink\(cq\&s value. There is a perl script in the support directory
252: of the source code named \(dq\&munge\-symlinks\(dq\& that can be used to add or remove
253: this prefix from your symlinks.
254: .IP
255: When this parameter is disabled on a writable module and \(dq\&use chroot\(dq\& is off
256: (or the inside\-chroot path is not \(dq\&/\(dq\&),
257: incoming symlinks will be modified to drop a leading slash and to remove \(dq\&..\(dq\&
258: path elements that rsync believes will allow a symlink to escape the module\(cq\&s
259: hierarchy. There are tricky ways to work around this, though, so you had
260: better trust your users if you choose this combination of parameters.
261: .IP
262: .IP "\fBcharset\fP"
263: This specifies the name of the character set in which the
264: module\(cq\&s filenames are stored. If the client uses an \fB\-\-iconv\fP option,
265: the daemon will use the value of the \(dq\&charset\(dq\& parameter regardless of the
266: character set the client actually passed. This allows the daemon to
267: support charset conversion in a chroot module without extra files in the
268: chroot area, and also ensures that name\-translation is done in a consistent
269: manner. If the \(dq\&charset\(dq\& parameter is not set, the \fB\-\-iconv\fP option is
270: refused, just as if \(dq\&iconv\(dq\& had been specified via \(dq\&refuse options\(dq\&.
271: .IP
272: If you wish to force users to always use \fB\-\-iconv\fP for a particular
273: module, add \(dq\&no\-iconv\(dq\& to the \(dq\&refuse options\(dq\& parameter. Keep in mind
274: that this will restrict access to your module to very new rsync clients.
275: .IP
276: .IP "\fBmax connections\fP"
277: This parameter allows you to
278: specify the maximum number of simultaneous connections you will allow.
279: Any clients connecting when the maximum has been reached will receive a
280: message telling them to try later. The default is 0, which means no limit.
281: A negative value disables the module.
282: See also the \(dq\&lock file\(dq\& parameter.
283: .IP
284: .IP "\fBlog file\fP"
285: When the \(dq\&log file\(dq\& parameter is set to a non\-empty
286: string, the rsync daemon will log messages to the indicated file rather
287: than using syslog. This is particularly useful on systems (such as AIX)
288: where
289: \f(CWsyslog()\fP
290: doesn\(cq\&t work for chrooted programs. The file is
291: opened before
292: \f(CWchroot()\fP
293: is called, allowing it to be placed outside
294: the transfer. If this value is set on a per\-module basis instead of
295: globally, the global log will still contain any authorization failures
296: or config\-file error messages.
297: .IP
298: If the daemon fails to open the specified file, it will fall back to
299: using syslog and output an error about the failure. (Note that the
300: failure to open the specified log file used to be a fatal error.)
301: .IP
302: .IP "\fBsyslog facility\fP"
303: This parameter allows you to
304: specify the syslog facility name to use when logging messages from the
305: rsync daemon. You may use any standard syslog facility name which is
306: defined on your system. Common names are auth, authpriv, cron, daemon,
307: ftp, kern, lpr, mail, news, security, syslog, user, uucp, local0,
308: local1, local2, local3, local4, local5, local6 and local7. The default
309: is daemon. This setting has no effect if the \(dq\&log file\(dq\& setting is a
310: non\-empty string (either set in the per\-modules settings, or inherited
311: from the global settings).
312: .IP
313: .IP "\fBmax verbosity\fP"
314: This parameter allows you to control
315: the maximum amount of verbose information that you\(cq\&ll allow the daemon to
316: generate (since the information goes into the log file). The default is 1,
317: which allows the client to request one level of verbosity.
318: .IP
319: .IP "\fBlock file\fP"
320: This parameter specifies the file to use to
321: support the \(dq\&max connections\(dq\& parameter. The rsync daemon uses record
322: locking on this file to ensure that the max connections limit is not
323: exceeded for the modules sharing the lock file.
324: The default is \f(CW/var/run/rsyncd.lock\fP.
325: .IP
326: .IP "\fBread only\fP"
327: This parameter determines whether clients
328: will be able to upload files or not. If \(dq\&read only\(dq\& is true then any
329: attempted uploads will fail. If \(dq\&read only\(dq\& is false then uploads will
330: be possible if file permissions on the daemon side allow them. The default
331: is for all modules to be read only.
332: .IP
333: .IP "\fBwrite only\fP"
334: This parameter determines whether clients
335: will be able to download files or not. If \(dq\&write only\(dq\& is true then any
336: attempted downloads will fail. If \(dq\&write only\(dq\& is false then downloads
337: will be possible if file permissions on the daemon side allow them. The
338: default is for this parameter to be disabled.
339: .IP
340: .IP "\fBlist\fP"
341: This parameter determines if this module should be
342: listed when the client asks for a listing of available modules. By
343: setting this to false you can create hidden modules. The default is
344: for modules to be listable.
345: .IP
346: .IP "\fBuid\fP"
347: This parameter specifies the user name or user ID that
348: file transfers to and from that module should take place as when the daemon
349: was run as root. In combination with the \(dq\&gid\(dq\& parameter this determines what
350: file permissions are available. The default is uid \-2, which is normally
351: the user \(dq\&nobody\(dq\&.
352: .IP
353: .IP "\fBgid\fP"
354: This parameter specifies the group name or group ID that
355: file transfers to and from that module should take place as when the daemon
356: was run as root. This complements the \(dq\&uid\(dq\& parameter. The default is gid \-2,
357: which is normally the group \(dq\&nobody\(dq\&.
358: .IP
359: .IP "\fBfake super\fP"
360: Setting \(dq\&fake super = yes\(dq\& for a module causes the
361: daemon side to behave as if the \fB\-\-fake\-super\fP command\-line option had
362: been specified. This allows the full attributes of a file to be stored
363: without having to have the daemon actually running as root.
364: .IP
365: .IP "\fBfilter\fP"
366: The daemon has its own filter chain that determines what files
367: it will let the client access. This chain is not sent to the client and is
368: independent of any filters the client may have specified. Files excluded by
369: the daemon filter chain (\fBdaemon\-excluded\fP files) are treated as non\-existent
370: if the client tries to pull them, are skipped with an error message if the
371: client tries to push them (triggering exit code 23), and are never deleted from
372: the module. You can use daemon filters to prevent clients from downloading or
373: tampering with private administrative files, such as files you may add to
374: support uid/gid name translations.
375: .IP
376: The daemon filter chain is built from the \(dq\&filter\(dq\&, \(dq\&include from\(dq\&, \(dq\&include\(dq\&,
377: \(dq\&exclude from\(dq\&, and \(dq\&exclude\(dq\& parameters, in that order of priority. Anchored
378: patterns are anchored at the root of the module. To prevent access to an
379: entire subtree, for example, \(dq\&/secret\(dq\&, you \fImust\fP exclude everything in the
380: subtree; the easiest way to do this is with a triple\-star pattern like
381: \(dq\&/secret/***\(dq\&.
382: .IP
383: The \(dq\&filter\(dq\& parameter takes a space\-separated list of daemon filter rules,
384: though it is smart enough to know not to split a token at an internal space in
385: a rule (e.g. \(dq\&\- /foo \- /bar\(dq\& is parsed as two rules). You may specify one or
386: more merge\-file rules using the normal syntax. Only one \(dq\&filter\(dq\& parameter can
387: apply to a given module in the config file, so put all the rules you want in a
388: single parameter. Note that per\-directory merge\-file rules do not provide as
389: much protection as global rules, but they can be used to make \fB\-\-delete\fP work
390: better during a client download operation if the per\-dir merge files are
391: included in the transfer and the client requests that they be used.
392: .IP
393: .IP "\fBexclude\fP"
394: This parameter takes a space\-separated list of daemon
395: exclude patterns. As with the client \fB\-\-exclude\fP option, patterns can be
396: qualified with \(dq\&\- \(dq\& or \(dq\&+ \(dq\& to explicitly indicate exclude/include. Only one
397: \(dq\&exclude\(dq\& parameter can apply to a given module. See the \(dq\&filter\(dq\& parameter
398: for a description of how excluded files affect the daemon.
399: .IP
400: .IP "\fBinclude\fP"
401: Use an \(dq\&include\(dq\& to override the effects of the \(dq\&exclude\(dq\&
402: parameter. Only one \(dq\&include\(dq\& parameter can apply to a given module. See the
403: \(dq\&filter\(dq\& parameter for a description of how excluded files affect the daemon.
404: .IP
405: .IP "\fBexclude from\fP"
406: This parameter specifies the name of a file
407: on the daemon that contains daemon exclude patterns, one per line. Only one
408: \(dq\&exclude from\(dq\& parameter can apply to a given module; if you have multiple
409: exclude\-from files, you can specify them as a merge file in the \(dq\&filter\(dq\&
410: parameter. See the \(dq\&filter\(dq\& parameter for a description of how excluded files
411: affect the daemon.
412: .IP
413: .IP "\fBinclude from\fP"
414: Analogue of \(dq\&exclude from\(dq\& for a file of daemon include
415: patterns. Only one \(dq\&include from\(dq\& parameter can apply to a given module. See
416: the \(dq\&filter\(dq\& parameter for a description of how excluded files affect the
417: daemon.
418: .IP
419: .IP "\fBincoming chmod\fP"
420: This parameter allows you to specify a set of
421: comma\-separated chmod strings that will affect the permissions of all
422: incoming files (files that are being received by the daemon). These
423: changes happen after all other permission calculations, and this will
424: even override destination\-default and/or existing permissions when the
425: client does not specify \fB\-\-perms\fP.
426: See the description of the \fB\-\-chmod\fP rsync option and the \fBchmod\fP(1)
427: manpage for information on the format of this string.
428: .IP
429: .IP "\fBoutgoing chmod\fP"
430: This parameter allows you to specify a set of
431: comma\-separated chmod strings that will affect the permissions of all
432: outgoing files (files that are being sent out from the daemon). These
433: changes happen first, making the sent permissions appear to be different
434: than those stored in the filesystem itself. For instance, you could
435: disable group write permissions on the server while having it appear to
436: be on to the clients.
437: See the description of the \fB\-\-chmod\fP rsync option and the \fBchmod\fP(1)
438: manpage for information on the format of this string.
439: .IP
440: .IP "\fBauth users\fP"
441: This parameter specifies a comma and
442: space\-separated list of usernames that will be allowed to connect to
443: this module. The usernames do not need to exist on the local
444: system. The usernames may also contain shell wildcard characters. If
445: \(dq\&auth users\(dq\& is set then the client will be challenged to supply a
446: username and password to connect to the module. A challenge response
447: authentication protocol is used for this exchange. The plain text
448: usernames and passwords are stored in the file specified by the
449: \(dq\&secrets file\(dq\& parameter. The default is for all users to be able to
450: connect without a password (this is called \(dq\&anonymous rsync\(dq\&).
451: .IP
452: See also the section entitled \(dq\&USING RSYNC\-DAEMON FEATURES VIA A REMOTE
453: SHELL CONNECTION\(dq\& in \fBrsync\fP(1) for information on how handle an
454: rsyncd.conf\-level username that differs from the remote\-shell\-level
455: username when using a remote shell to connect to an rsync daemon.
456: .IP
457: .IP "\fBsecrets file\fP"
458: This parameter specifies the name of
459: a file that contains the username:password pairs used for
460: authenticating this module. This file is only consulted if the \(dq\&auth
461: users\(dq\& parameter is specified. The file is line based and contains
462: username:password pairs separated by a single colon. Any line starting
463: with a hash (#) is considered a comment and is skipped. The passwords
464: can contain any characters but be warned that many operating systems
465: limit the length of passwords that can be typed at the client end, so
466: you may find that passwords longer than 8 characters don\(cq\&t work.
467: .IP
468: There is no default for the \(dq\&secrets file\(dq\& parameter, you must choose a name
469: (such as \f(CW/etc/rsyncd.secrets\fP). The file must normally not be readable
470: by \(dq\&other\(dq\&; see \(dq\&strict modes\(dq\&.
471: .IP
472: .IP "\fBstrict modes\fP"
473: This parameter determines whether or not
474: the permissions on the secrets file will be checked. If \(dq\&strict modes\(dq\& is
475: true, then the secrets file must not be readable by any user ID other
476: than the one that the rsync daemon is running under. If \(dq\&strict modes\(dq\& is
477: false, the check is not performed. The default is true. This parameter
478: was added to accommodate rsync running on the Windows operating system.
479: .IP
480: .IP "\fBhosts allow\fP"
481: This parameter allows you to specify a
482: list of patterns that are matched against a connecting clients
483: hostname and IP address. If none of the patterns match then the
484: connection is rejected.
485: .IP
486: Each pattern can be in one of five forms:
487: .IP
488: .RS
489: .IP o
490: a dotted decimal IPv4 address of the form a.b.c.d, or an IPv6 address
491: of the form a:b:c::d:e:f. In this case the incoming machine\(cq\&s IP address
492: must match exactly.
493: .IP o
494: an address/mask in the form ipaddr/n where ipaddr is the IP address
495: and n is the number of one bits in the netmask. All IP addresses which
496: match the masked IP address will be allowed in.
497: .IP o
498: an address/mask in the form ipaddr/maskaddr where ipaddr is the
499: IP address and maskaddr is the netmask in dotted decimal notation for IPv4,
500: or similar for IPv6, e.g. ffff:ffff:ffff:ffff:: instead of /64. All IP
501: addresses which match the masked IP address will be allowed in.
502: .IP o
503: a hostname. The hostname as determined by a reverse lookup will
504: be matched (case insensitive) against the pattern. Only an exact
505: match is allowed in.
506: .IP o
507: a hostname pattern using wildcards. These are matched using the
508: same rules as normal unix filename matching. If the pattern matches
509: then the client is allowed in.
510: .RE
511:
512: .IP
513: Note IPv6 link\-local addresses can have a scope in the address specification:
514: .IP
515: .RS
516: \f(CW fe80::1%link1\fP
517: .br
518: \f(CW fe80::%link1/64\fP
519: .br
520: \f(CW fe80::%link1/ffff:ffff:ffff:ffff::\fP
521: .br
522: .RE
523:
524: .IP
525: You can also combine \(dq\&hosts allow\(dq\& with a separate \(dq\&hosts deny\(dq\&
526: parameter. If both parameters are specified then the \(dq\&hosts allow\(dq\& parameter is
527: checked first and a match results in the client being able to
528: connect. The \(dq\&hosts deny\(dq\& parameter is then checked and a match means
529: that the host is rejected. If the host does not match either the
530: \(dq\&hosts allow\(dq\& or the \(dq\&hosts deny\(dq\& patterns then it is allowed to
531: connect.
532: .IP
533: The default is no \(dq\&hosts allow\(dq\& parameter, which means all hosts can connect.
534: .IP
535: .IP "\fBhosts deny\fP"
536: This parameter allows you to specify a
537: list of patterns that are matched against a connecting clients
538: hostname and IP address. If the pattern matches then the connection is
539: rejected. See the \(dq\&hosts allow\(dq\& parameter for more information.
540: .IP
541: The default is no \(dq\&hosts deny\(dq\& parameter, which means all hosts can connect.
542: .IP
543: .IP "\fBignore errors\fP"
544: This parameter tells rsyncd to
545: ignore I/O errors on the daemon when deciding whether to run the delete
546: phase of the transfer. Normally rsync skips the \fB\-\-delete\fP step if any
547: I/O errors have occurred in order to prevent disastrous deletion due
548: to a temporary resource shortage or other I/O error. In some cases this
549: test is counter productive so you can use this parameter to turn off this
550: behavior.
551: .IP
552: .IP "\fBignore nonreadable\fP"
553: This tells the rsync daemon to completely
554: ignore files that are not readable by the user. This is useful for
555: public archives that may have some non\-readable files among the
556: directories, and the sysadmin doesn\(cq\&t want those files to be seen at all.
557: .IP
558: .IP "\fBtransfer logging\fP"
559: This parameter enables per\-file
560: logging of downloads and uploads in a format somewhat similar to that
561: used by ftp daemons. The daemon always logs the transfer at the end, so
562: if a transfer is aborted, no mention will be made in the log file.
563: .IP
564: If you want to customize the log lines, see the \(dq\&log format\(dq\& parameter.
565: .IP
566: .IP "\fBlog format\fP"
567: This parameter allows you to specify the
568: format used for logging file transfers when transfer logging is enabled.
569: The format is a text string containing embedded single\-character escape
570: sequences prefixed with a percent (%) character. An optional numeric
571: field width may also be specified between the percent and the escape
572: letter (e.g. \(dq\&\fB%\-50n %8l %07p\fP\(dq\&).
573: .IP
574: The default log format is \(dq\&%o %h [%a] %m (%u) %f %l\(dq\&, and a \(dq\&%t [%p] \(dq\&
575: is always prefixed when using the \(dq\&log file\(dq\& parameter.
576: (A perl script that will summarize this default log format is included
577: in the rsync source code distribution in the \(dq\&support\(dq\& subdirectory:
578: rsyncstats.)
579: .IP
580: The single\-character escapes that are understood are as follows:
581: .IP
582: .RS
583: .IP o
584: %a the remote IP address
585: .IP o
586: %b the number of bytes actually transferred
587: .IP o
588: %B the permission bits of the file (e.g. rwxrwxrwt)
589: .IP o
590: %c the total size of the block checksums received for the basis file (only when sending)
591: .IP o
592: %f the filename (long form on sender; no trailing \(dq\&/\(dq\&)
593: .IP o
594: %G the gid of the file (decimal) or \(dq\&DEFAULT\(dq\&
595: .IP o
596: %h the remote host name
597: .IP o
598: %i an itemized list of what is being updated
599: .IP o
600: %l the length of the file in bytes
601: .IP o
602: %L the string \(dq\& \-> SYMLINK\(dq\&, \(dq\& => HARDLINK\(dq\&, or \(dq\&\(dq\& (where \fBSYMLINK\fP or \fBHARDLINK\fP is a filename)
603: .IP o
604: %m the module name
605: .IP o
606: %M the last\-modified time of the file
607: .IP o
608: %n the filename (short form; trailing \(dq\&/\(dq\& on dir)
609: .IP o
610: %o the operation, which is \(dq\&send\(dq\&, \(dq\&recv\(dq\&, or \(dq\&del.\(dq\& (the latter includes the trailing period)
611: .IP o
612: %p the process ID of this rsync session
613: .IP o
614: %P the module path
615: .IP o
616: %t the current date time
617: .IP o
618: %u the authenticated username or an empty string
619: .IP o
620: %U the uid of the file (decimal)
621: .RE
622:
623: .IP
624: For a list of what the characters mean that are output by \(dq\&%i\(dq\&, see the
625: \fB\-\-itemize\-changes\fP option in the rsync manpage.
626: .IP
627: Note that some of the logged output changes when talking with older
628: rsync versions. For instance, deleted files were only output as verbose
629: messages prior to rsync 2.6.4.
630: .IP
631: .IP "\fBtimeout\fP"
632: This parameter allows you to override the
633: clients choice for I/O timeout for this module. Using this parameter you
634: can ensure that rsync won\(cq\&t wait on a dead client forever. The timeout
635: is specified in seconds. A value of zero means no timeout and is the
636: default. A good choice for anonymous rsync daemons may be 600 (giving
637: a 10 minute timeout).
638: .IP
639: .IP "\fBrefuse options\fP"
640: This parameter allows you to
641: specify a space\-separated list of rsync command line options that will
642: be refused by your rsync daemon.
643: You may specify the full option name, its one\-letter abbreviation, or a
644: wild\-card string that matches multiple options.
645: For example, this would refuse \fB\-\-checksum\fP (\fB\-c\fP) and all the various
646: delete options:
647: .IP
648: .RS
649: \f(CW refuse options = c delete\fP
650: .RE
651:
652: .IP
653: The reason the above refuses all delete options is that the options imply
654: \fB\-\-delete\fP, and implied options are refused just like explicit options.
655: As an additional safety feature, the refusal of \(dq\&delete\(dq\& also refuses
656: \fBremove\-source\-files\fP when the daemon is the sender; if you want the latter
657: without the former, instead refuse \(dq\&delete\-*\(dq\& \-\- that refuses all the
658: delete modes without affecting \fB\-\-remove\-source\-files\fP.
659: .IP
660: When an option is refused, the daemon prints an error message and exits.
661: To prevent all compression when serving files,
662: you can use \(dq\&dont compress = *\(dq\& (see below)
663: instead of \(dq\&refuse options = compress\(dq\& to avoid returning an error to a
664: client that requests compression.
665: .IP
666: .IP "\fBdont compress\fP"
667: This parameter allows you to select
668: filenames based on wildcard patterns that should not be compressed
669: when pulling files from the daemon (no analogous parameter exists to
670: govern the pushing of files to a daemon).
671: Compression is expensive in terms of CPU usage, so it
672: is usually good to not try to compress files that won\(cq\&t compress well,
673: such as already compressed files.
674: .IP
675: The \(dq\&dont compress\(dq\& parameter takes a space\-separated list of
676: case\-insensitive wildcard patterns. Any source filename matching one
677: of the patterns will not be compressed during transfer.
678: .IP
679: See the \fB\-\-skip\-compress\fP parameter in the \fBrsync\fP(1) manpage for the list
680: of file suffixes that are not compressed by default. Specifying a value
681: for the \(dq\&dont compress\(dq\& parameter changes the default when the daemon is
682: the sender.
683: .IP
684: .IP "\fBpre\-xfer exec\fP, \fBpost\-xfer exec\fP"
685: You may specify a command to be run
686: before and/or after the transfer. If the \fBpre\-xfer exec\fP command fails, the
687: transfer is aborted before it begins.
688: .IP
689: The following environment variables will be set, though some are
690: specific to the pre\-xfer or the post\-xfer environment:
691: .IP
692: .RS
693: .IP o
694: \fBRSYNC_MODULE_NAME\fP: The name of the module being accessed.
695: .IP o
696: \fBRSYNC_MODULE_PATH\fP: The path configured for the module.
697: .IP o
698: \fBRSYNC_HOST_ADDR\fP: The accessing host\(cq\&s IP address.
699: .IP o
700: \fBRSYNC_HOST_NAME\fP: The accessing host\(cq\&s name.
701: .IP o
702: \fBRSYNC_USER_NAME\fP: The accessing user\(cq\&s name (empty if no user).
703: .IP o
704: \fBRSYNC_PID\fP: A unique number for this transfer.
705: .IP o
706: \fBRSYNC_REQUEST\fP: (pre\-xfer only) The module/path info specified
707: by the user (note that the user can specify multiple source files,
708: so the request can be something like \(dq\&mod/path1 mod/path2\(dq\&, etc.).
709: .IP o
710: \fBRSYNC_ARG#\fP: (pre\-xfer only) The pre\-request arguments are set
711: in these numbered values. RSYNC_ARG0 is always \(dq\&rsyncd\(dq\&, and the last
712: value contains a single period.
713: .IP o
714: \fBRSYNC_EXIT_STATUS\fP: (post\-xfer only) the server side\(cq\&s exit value.
715: This will be 0 for a successful run, a positive value for an error that the
716: server generated, or a \-1 if rsync failed to exit properly. Note that an
717: error that occurs on the client side does not currently get sent to the
718: server side, so this is not the final exit status for the whole transfer.
719: .IP o
720: \fBRSYNC_RAW_STATUS\fP: (post\-xfer only) the raw exit value from
721: \f(CWwaitpid()\fP
722: \&.
723: .RE
724:
725: .IP
726: Even though the commands can be associated with a particular module, they
727: are run using the permissions of the user that started the daemon (not the
728: module\(cq\&s uid/gid setting) without any chroot restrictions.
729: .IP
730: .SH "AUTHENTICATION STRENGTH"
731:
732: .PP
733: The authentication protocol used in rsync is a 128 bit MD4 based
734: challenge response system. This is fairly weak protection, though (with
735: at least one brute\-force hash\-finding algorithm publicly available), so
736: if you want really top\-quality security, then I recommend that you run
737: rsync over ssh. (Yes, a future version of rsync will switch over to a
738: stronger hashing method.)
739: .PP
740: Also note that the rsync daemon protocol does not currently provide any
741: encryption of the data that is transferred over the connection. Only
742: authentication is provided. Use ssh as the transport if you want
743: encryption.
744: .PP
745: Future versions of rsync may support SSL for better authentication and
746: encryption, but that is still being investigated.
747: .PP
748: .SH "EXAMPLES"
749:
750: .PP
751: A simple rsyncd.conf file that allow anonymous rsync to a ftp area at
752: \f(CW/home/ftp\fP would be:
753: .PP
754: .nf
755:
756: [ftp]
757: path = /home/ftp
758: comment = ftp export area
759:
760: .fi
761:
762: .PP
763: A more sophisticated example would be:
764: .PP
765: .nf
766:
767: uid = nobody
768: gid = nobody
769: use chroot = yes
770: max connections = 4
771: syslog facility = local5
772: pid file = /var/run/rsyncd.pid
773:
774: [ftp]
775: path = /var/ftp/./pub
776: comment = whole ftp area (approx 6.1 GB)
777:
778: [sambaftp]
779: path = /var/ftp/./pub/samba
780: comment = Samba ftp area (approx 300 MB)
781:
782: [rsyncftp]
783: path = /var/ftp/./pub/rsync
784: comment = rsync ftp area (approx 6 MB)
785:
786: [sambawww]
787: path = /public_html/samba
788: comment = Samba WWW pages (approx 240 MB)
789:
790: [cvs]
791: path = /data/cvs
792: comment = CVS repository (requires authentication)
793: auth users = tridge, susan
794: secrets file = /etc/rsyncd.secrets
795:
796: .fi
797:
798: .PP
799: The /etc/rsyncd.secrets file would look something like this:
800: .PP
801: .RS
802: \f(CWtridge:mypass\fP
803: .br
804: \f(CWsusan:herpass\fP
805: .br
806: .RE
807:
808: .PP
809: .SH "FILES"
810:
811: .PP
812: /etc/rsyncd.conf or rsyncd.conf
813: .PP
814: .SH "SEE ALSO"
815:
816: .PP
817: \fBrsync\fP(1)
818: .PP
819: .SH "DIAGNOSTICS"
820:
821: .PP
822: .SH "BUGS"
823:
824: .PP
825: Please report bugs! The rsync bug tracking system is online at
826: http://rsync.samba.org/
827: .PP
828: .SH "VERSION"
829:
830: .PP
831: This man page is current for version 3.0.9 of rsync.
832: .PP
833: .SH "CREDITS"
834:
835: .PP
836: rsync is distributed under the GNU public license. See the file
837: COPYING for details.
838: .PP
839: The primary ftp site for rsync is
840: ftp://rsync.samba.org/pub/rsync.
841: .PP
842: A WEB site is available at
843: http://rsync.samba.org/
844: .PP
845: We would be delighted to hear from you if you like this program.
846: .PP
847: This program uses the zlib compression library written by Jean\-loup
848: Gailly and Mark Adler.
849: .PP
850: .SH "THANKS"
851:
852: .PP
853: Thanks to Warren Stanley for his original idea and patch for the rsync
854: daemon. Thanks to Karsten Thygesen for his many suggestions and
855: documentation!
856: .PP
857: .SH "AUTHOR"
858:
859: .PP
860: rsync was written by Andrew Tridgell and Paul Mackerras.
861: Many people have later contributed to it.
862: .PP
863: Mailing lists for support and development are available at
864: http://lists.samba.org
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>