rsyncd.conf
NAME SYNOPSIS DESCRIPTION FILE FORMAT LAUNCHING THE RSYNC DAEMON GLOBAL OPTIONS MODULE OPTIONS AUTHENTICATION STRENGTH EXAMPLES FILES SEE ALSO DIAGNOSTICS BUGS VERSION CREDITS THANKS AUTHOR
rsyncd.conf - configuration file for rsync server
rsyncd.conf
The rsyncd.conf file is the runtime configuration file for rsync when run with the --daemon option. When run in this way rsync becomes a rsync server listening on TCP port 873. Connections from rsync clients are accepted for either anonymous or authenticated rsync sessions.
The rsyncd.conf file controls authentication, access, logging and available modules.
The file consists of modules and parameters. A module begins with the name of the module in square brackets and continues until the next module begins. Modules contain parameters of the form name = value.
The file is line-based - that is, each newline-terminated line represents either a comment, a module name or a parameter.
Only the first equals sign in a parameter is significant. Whitespace before or after the first equals sign is discarded. Leading, trailing and internal whitespace in module and parameter names is irrelevant. Leading and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value is retained verbatim.
Any line beginning with a hash (#) is ignored, as are lines containing only whitespace.
Any line ending in a \ is
The values following the equals sign in parameters are all either a string (no quotes needed) or a boolean, which may be given as yes/no, 0/1 or true/false. Case is not significant in boolean values, but is preserved in string values.
The rsync daemon is launched by specifying the --daemon option to rsync.
The daemon must run with root privileges if you wish to use chroot, to bind to a port numbered under 1024 (as is the default 873), or to set file ownership. Otherwise, it must just have permission to read and write the appropriate data, log, and lock files.
You can launch it either via inetd or as a stand-alone daemon. If run as a daemon then just run the command
When run via inetd you should add a line like this to /etc/services:
rsync 873/tcp
and a single line something like this to /etc/inetd.conf:
rsync stream tcp nowait root /usr/bin/rsync rsyncd --daemon
Replace
Note that you should not send the rsync server a HUP signal to force it to reread the /etc/rsyncd.conf. The file is re-read on each client connection.
The first parameters in the file (before a [module? header) are the global parameters.
You may also include any module parameters in the global part of the config file in which case the supplied value will override the default for that parameter.
motd file
The
log file
The
pid file
The
syslog facility
The
socket options
This option can provide endless fun for people who like to tune their systems to the utmost degree. You can set all sorts of socket options which may make transfers faster (or slower!). Read the man page for the setsockopt() system call for details on some of the options you may be able to set. By default no special socket options are set.
After the global options you should define a number of modules, each module exports a directory tree as a symbolic name. Modules are exported by specifying a module name in square brackets [module? followed by the options for that module.
comment
The
path
The /etc/rsyncd.conf.
use chroot
If
max connections
The
lock file
The /var/run/rsyncd.lock.
read only
The
list
The
uid
The
gid
The
exclude
The
Note that this option is not designed with strong security in mind, it is quite possible that a client may find a way to bypass this exclude list. If you want to absolutely ensure that certain files cannot be accessed then use the uid/gid options in combination with file permissions.
exclude from
The
include
The
See the section of exclude patterns in the rsync man page for information on the syntax of this option.
include from
The
auth users
The
secrets file
The
There is no default for the /etc/rsyncd.secrets). The file must normally not be readable by
strict modes
The
hosts allow
The
Each pattern can be in one of five forms:
o
a dotted decimal IP address. In this case the incoming machines IP address must match exactly.
o
a address/mask in the form a.b.c.d/n were n is the number of one bits in in the netmask. All IP addresses which match the masked IP address will be allowed in.
o
a address/mask in the form a.b.c.d/e.f.g.h where e.f.g.h is a netmask in dotted decimal notation. All IP addresses which match the masked IP address will be allowed in.
o
a hostname. The hostname as determined by a reverse lookup will be matched (case insensitive) against the pattern. Only an exact match is allowed in.
o
a hostname pattern using wildcards. These are matched using the same rules as normal unix filename matching. If the pattern matches then the client is allowed in.
You can also combine
The default is no
hosts deny
The
The default is no
ignore errors
The
ignore nonreadable
This tells the rsync server to completely ignore files that are not readable by the user. This is useful for public archives that may have some non-readable files among the directories, and the sysadmin doesnt want those files to be seen at all.
transfer logging
The
log format
The
The prefixes that are understood are:
o
%h for the remote host name
o
%a for the remote IP address
o
%l for the length of the file in bytes
o
%p for the process id of this rsync session
o
%o for the operation, which is either
o
%f for the filename
o
%P for the module path
o
%m for the module name
o
%t for the current date time
o
%u for the authenticated username (or the null string)
o
%b for the number of bytes actually transferred
o
%c when sending files this gives the number of checksum bytes received for this file
The default log format is
A perl script called rsyncstats to summarize this format is included in the rsync source code distribution.
timeout
The
refuse options
The
dont compress
The
The
The default setting is
The authentication protocol used in rsync is a 128 bit MD4 based challenge response system. Although I believe that no one has ever demonstrated a brute-force break of this sort of system you should realize that this is not a
Also note that the rsync server protocol does not currently provide any encryption of the data that is transferred over the link. Only authentication is provided. Use ssh as the transport if you want encryption.
Future versions of rsync may support SSL for better authentication and encryption, but that is still being investigated.
A simple rsyncd.conf file that allow anonymous rsync to a ftp area at /home/ftp would be:
[ftp? path = /home/ftp comment = ftp export area
A more sophisticated example would be:
uid = nobody gid = nobody use chroot = no max connections = 4 syslog facility = local5 pid file = /var/run/rsyncd.pid
[ftp? path = /var/ftp/pub comment = whole ftp area (approx 6.1 GB) [sambaftp? path = /var/ftp/pub/samba comment = Samba ftp area (approx 300 MB) [rsyncftp? path = /var/ftp/pub/rsync comment = rsync ftp area (approx 6 MB) [sambawww? path = /public_html/samba comment = Samba WWW pages (approx 240 MB) [cvs? path = /data/cvs comment = CVS repository (requires authentication) auth users = tridge, susan secrets file = /etc/rsyncd.secrets
The /etc/rsyncd.secrets file would look something like this:
tridge:mypass susan:herpass
/etc/rsyncd.conf
The rsync server does not send all types of error messages to the client. this means a client may be mystified as to why a transfer failed. The error will have been logged by syslog on the server.
Please report bugs! The rsync bug tracking system is online
at 
http://rsync.samba.org/
This man page is current for version 2.0 of rsync
rsync is distributed under the GNU public license. See the file COPYING for details.
The primary ftp site for rsync is
ftp://rsync.samba.org/pub/rsync.
A WEB site is available at
http://rsync.samba.org/
We would be delighted to hear from you if you like this program.
This program uses the zlib compression library written by Jean-loup Gailly and Mark Adler.
Thanks to Warren Stanley for his original idea and patch for the rsync server. Thanks to Karsten Thygesen for his many suggestions and documentation!
rsync was written by Andrew Tridgell and Paul Mackerras. They may be contacted via email at tridge@samba.org and Paul.Mackerras@cs.anu.edu.au
2 pages link to rsyncd.conf(5):
