Penguin

rsyncd.conf

rsyncd.conf

NAME SYNOPSIS DESCRIPTION FILE FORMAT LAUNCHING THE RSYNC DAEMON GLOBAL OPTIONS MODULE OPTIONS AUTHENTICATION STRENGTH EXAMPLES FILES SEE ALSO DIAGNOSTICS BUGS VERSION CREDITS THANKS AUTHOR


NAME

rsyncd.conf - configuration file for rsync server

SYNOPSIS

rsyncd.conf

DESCRIPTION

The rsyncd.conf file is the runtime configuration file for rsync when run with the --daemon option. When run in this way rsync becomes a rsync server listening on TCP port 873. Connections from rsync clients are accepted for either anonymous or authenticated rsync sessions.

The rsyncd.conf file controls authentication, access, logging and available modules.

FILE FORMAT

The file consists of modules and parameters. A module begins with the name of the module in square brackets and continues until the next module begins. Modules contain parameters of the form name = value.

The file is line-based - that is, each newline-terminated line represents either a comment, a module name or a parameter.

Only the first equals sign in a parameter is significant. Whitespace before or after the first equals sign is discarded. Leading, trailing and internal whitespace in module and parameter names is irrelevant. Leading and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value is retained verbatim.

Any line beginning with a hash (#) is ignored, as are lines containing only whitespace.

Any line ending in a \ is

The values following the equals sign in parameters are all either a string (no quotes needed) or a boolean, which may be given as yes/no, 0/1 or true/false. Case is not significant in boolean values, but is preserved in string values.

LAUNCHING THE RSYNC DAEMON

The rsync daemon is launched by specifying the --daemon option to rsync.

The daemon must run with root privileges if you wish to use chroot, to bind to a port numbered under 1024 (as is the default 873), or to set file ownership. Otherwise, it must just have permission to read and write the appropriate data, log, and lock files.

You can launch it either via inetd or as a stand-alone daemon. If run as a daemon then just run the command

When run via inetd you should add a line like this to /etc/services:

rsync 873/tcp

and a single line something like this to /etc/inetd.conf:

rsync stream tcp nowait root /usr/bin/rsync rsyncd --daemon

Replace

Note that you should not send the rsync server a HUP signal to force it to reread the /etc/rsyncd.conf. The file is re-read on each client connection.

GLOBAL OPTIONS

The first parameters in the file (before a [module? header) are the global parameters.

You may also include any module parameters in the global part of the config file in which case the supplied value will override the default for that parameter.

motd file

The

log file

The

pid file

The

syslog facility

The

socket options

This option can provide endless fun for people who like to tune their systems to the utmost degree. You can set all sorts of socket options which may make transfers faster (or slower!). Read the man page for the setsockopt() system call for details on some of the options you may be able to set. By default no special socket options are set.

MODULE OPTIONS

After the global options you should define a number of modules, each module exports a directory tree as a symbolic name. Modules are exported by specifying a module name in square brackets [module? followed by the options for that module.

comment

The

path

The /etc/rsyncd.conf.

use chroot

If

max connections

The

lock file

The /var/run/rsyncd.lock.

read only

The

list

The

uid

The

gid

The

exclude

The

Note that this option is not designed with strong security in mind, it is quite possible that a client may find a way to bypass this exclude list. If you want to absolutely ensure that certain files cannot be accessed then use the uid/gid options in combination with file permissions.

exclude from

The

include

The

See the section of exclude patterns in the rsync man page for information on the syntax of this option.

include from

The

auth users

The

secrets file

The

There is no default for the /etc/rsyncd.secrets). The file must normally not be readable by

strict modes

The

hosts allow

The

Each pattern can be in one of five forms:

o

a dotted decimal IP address. In this case the incoming machines IP address must match exactly.

o

a address/mask in the form a.b.c.d/n were n is the number of one bits in in the netmask. All IP addresses which match the masked IP address will be allowed in.

o

a address/mask in the form a.b.c.d/e.f.g.h where e.f.g.h is a netmask in dotted decimal notation. All IP addresses which match the masked IP address will be allowed in.

o

a hostname. The hostname as determined by a reverse lookup will be matched (case insensitive) against the pattern. Only an exact match is allowed in.

o

a hostname pattern using wildcards. These are matched using the same rules as normal unix filename matching. If the pattern matches then the client is allowed in.

You can also combine

The default is no

hosts deny

The

The default is no

ignore errors

The

ignore nonreadable

This tells the rsync server to completely ignore files that are not readable by the user. This is useful for public archives that may have some non-readable files among the directories, and the sysadmin doesnt want those files to be seen at all.

transfer logging

The

log format

The

The prefixes that are understood are:

o

%h for the remote host name

o

%a for the remote IP address

o

%l for the length of the file in bytes

o

%p for the process id of this rsync session

o

%o for the operation, which is either

o

%f for the filename

o

%P for the module path

o

%m for the module name

o

%t for the current date time

o

%u for the authenticated username (or the null string)

o

%b for the number of bytes actually transferred

o

%c when sending files this gives the number of checksum bytes received for this file

The default log format is

A perl script called rsyncstats to summarize this format is included in the rsync source code distribution.

timeout

The

refuse options

The

dont compress

The

The

The default setting is

  • .gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz

AUTHENTICATION STRENGTH

The authentication protocol used in rsync is a 128 bit MD4 based challenge response system. Although I believe that no one has ever demonstrated a brute-force break of this sort of system you should realize that this is not a

Also note that the rsync server protocol does not currently provide any encryption of the data that is transferred over the link. Only authentication is provided. Use ssh as the transport if you want encryption.

Future versions of rsync may support SSL for better authentication and encryption, but that is still being investigated.

EXAMPLES

A simple rsyncd.conf file that allow anonymous rsync to a ftp area at /home/ftp would be:

[ftp? path = /home/ftp comment = ftp export area

A more sophisticated example would be:

uid = nobody gid = nobody use chroot = no max connections = 4 syslog facility = local5 pid file = /var/run/rsyncd.pid

[ftp? path = /var/ftp/pub comment = whole ftp area (approx 6.1 GB) [sambaftp? path = /var/ftp/pub/samba comment = Samba ftp area (approx 300 MB) [rsyncftp? path = /var/ftp/pub/rsync comment = rsync ftp area (approx 6 MB) [sambawww? path = /public_html/samba comment = Samba WWW pages (approx 240 MB) [cvs? path = /data/cvs comment = CVS repository (requires authentication) auth users = tridge, susan secrets file = /etc/rsyncd.secrets

The /etc/rsyncd.secrets file would look something like this:

tridge:mypass susan:herpass

FILES

/etc/rsyncd.conf

SEE ALSO

rsync(1)

DIAGNOSTICS

BUGS

The rsync server does not send all types of error messages to the client. this means a client may be mystified as to why a transfer failed. The error will have been logged by syslog on the server.

Please report bugs! The rsync bug tracking system is online at http://rsync.samba.org/

VERSION

This man page is current for version 2.0 of rsync

CREDITS

rsync is distributed under the GNU public license. See the file COPYING for details.

The primary ftp site for rsync is ftp://rsync.samba.org/pub/rsync.

A WEB site is available at http://rsync.samba.org/

We would be delighted to hear from you if you like this program.

This program uses the zlib compression library written by Jean-loup Gailly and Mark Adler.

THANKS

Thanks to Warren Stanley for his original idea and patch for the rsync server. Thanks to Karsten Thygesen for his many suggestions and documentation!

AUTHOR

rsync was written by Andrew Tridgell and Paul Mackerras. They may be contacted via email at tridge@samba.org and Paul.Mackerras@cs.anu.edu.au


This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.