Penguin
Recent Changes
Blame: rsyncd.conf(5)
EditPageHistoryDiffInfoLikePages
Annotated edit history of rsyncd.conf(5) version 1, including all changes. View license author blame.
Rev Author # Line
1 perry 1 rsyncd.conf
2 !!!rsyncd.conf
3 NAME
4 SYNOPSIS
5 DESCRIPTION
6 FILE FORMAT
7 LAUNCHING THE RSYNC DAEMON
8 GLOBAL OPTIONS
9 MODULE OPTIONS
10 AUTHENTICATION STRENGTH
11 EXAMPLES
12 FILES
13 SEE ALSO
14 DIAGNOSTICS
15 BUGS
16 VERSION
17 CREDITS
18 THANKS
19 AUTHOR
20 ----
21 !!NAME
22
23
24 rsyncd.conf - configuration file for rsync server
25 !!SYNOPSIS
26
27
28 rsyncd.conf
29 !!DESCRIPTION
30
31
32 The rsyncd.conf file is the runtime configuration file for
33 rsync when run with the --daemon option. When run in this
34 way rsync becomes a rsync server listening on TCP port 873.
35 Connections from rsync clients are accepted for either
36 anonymous or authenticated rsync sessions.
37
38
39 The rsyncd.conf file controls authentication, access,
40 logging and available modules.
41 !!FILE FORMAT
42
43
44 The file consists of modules and parameters. A module begins
45 with the name of the module in square brackets and continues
46 until the next module begins. Modules contain parameters of
47 the form name = value.
48
49
50 The file is line-based - that is, each newline-terminated
51 line represents either a comment, a module name or a
52 parameter.
53
54
55 Only the first equals sign in a parameter is significant.
56 Whitespace before or after the first equals sign is
57 discarded. Leading, trailing and internal whitespace in
58 module and parameter names is irrelevant. Leading and
59 trailing whitespace in a parameter value is discarded.
60 Internal whitespace within a parameter value is retained
61 verbatim.
62
63
64 Any line beginning with a hash (#) is ignored, as are lines
65 containing only whitespace.
66
67
68 Any line ending in a \ is
69
70
71 The values following the equals sign in parameters are all
72 either a string (no quotes needed) or a boolean, which may
73 be given as yes/no, 0/1 or true/false. Case is not
74 significant in boolean values, but is preserved in string
75 values.
76 !!LAUNCHING THE RSYNC DAEMON
77
78
79 The rsync daemon is launched by specifying the --daemon
80 option to rsync.
81
82
83 The daemon must run with root privileges if you wish to use
84 chroot, to bind to a port numbered under 1024 (as is the
85 default 873), or to set file ownership. Otherwise, it must
86 just have permission to read and write the appropriate data,
87 log, and lock files.
88
89
90 You can launch it either via inetd or as a stand-alone
91 daemon. If run as a daemon then just run the command
92
93
94 When run via inetd you should add a line like this to
95 /etc/services:
96
97
98 rsync 873/tcp
99
100
101 and a single line something like this to
102 /etc/inetd.conf:
103
104
105 rsync stream tcp nowait root /usr/bin/rsync rsyncd
106 --daemon
107
108
109 Replace
110
111
112 Note that you should not send the rsync server a HUP signal
113 to force it to reread the /etc/rsyncd.conf. The
114 file is re-read on each client connection.
115 !!GLOBAL OPTIONS
116
117
118 The first parameters in the file (before a [[module] header)
119 are the global parameters.
120
121
122 You may also include any module parameters in the global
123 part of the config file in which case the supplied value
124 will override the default for that parameter.
125
126
127 __motd file__
128
129
130 The
131
132
133 __log file__
134
135
136 The
137
138
139 __pid file__
140
141
142 The
143
144
145 __syslog facility__
146
147
148 The
149
150
151 __socket options__
152
153
154 This option can provide endless fun for people who like to
155 tune their systems to the utmost degree. You can set all
156 sorts of socket options which may make transfers faster (or
157 slower!). Read the man page for the setsockopt() system call
158 for details on some of the options you may be able to set.
159 By default no special socket options are set.
160 !!MODULE OPTIONS
161
162
163 After the global options you should define a number of
164 modules, each module exports a directory tree as a symbolic
165 name. Modules are exported by specifying a module name in
166 square brackets [[module] followed by the options for that
167 module.
168
169
170 __comment__
171
172
173 The
174
175
176 __path__
177
178
179 The
180 /etc/rsyncd.conf.
181
182
183 __use chroot__
184
185
186 If
187
188
189 __max connections__
190
191
192 The
193
194
195 __lock file__
196
197
198 The
199 /var/run/rsyncd.lock.
200
201
202 __read only__
203
204
205 The
206
207
208 __list__
209
210
211 The
212
213
214 __uid__
215
216
217 The
218
219
220 __gid__
221
222
223 The
224
225
226 __exclude__
227
228
229 The
230
231
232 Note that this option is not designed with strong security
233 in mind, it is quite possible that a client may find a way
234 to bypass this exclude list. If you want to absolutely
235 ensure that certain files cannot be accessed then use the
236 uid/gid options in combination with file
237 permissions.
238
239
240 __exclude from__
241
242
243 The
244
245
246 __include__
247
248
249 The
250
251
252 See the section of exclude patterns in the rsync man page
253 for information on the syntax of this option.
254
255
256 __include from__
257
258
259 The
260
261
262 __auth users__
263
264
265 The
266
267
268 __secrets file__
269
270
271 The
272
273
274 There is no default for the
275 /etc/rsyncd.secrets). The file must normally not be
276 readable by
277
278
279 __strict modes__
280
281
282 The
283
284
285 __hosts allow__
286
287
288 The
289
290
291 Each pattern can be in one of five forms:
292
293
294 o
295
296
297 a dotted decimal IP address. In this case the incoming
298 machines IP address must match exactly.
299
300
301 o
302
303
304 a address/mask in the form a.b.c.d/n were n is the number of
305 one bits in in the netmask. All IP addresses which match the
306 masked IP address will be allowed in.
307
308
309 o
310
311
312 a address/mask in the form a.b.c.d/e.f.g.h where e.f.g.h is
313 a netmask in dotted decimal notation. All IP addresses which
314 match the masked IP address will be allowed in.
315
316
317 o
318
319
320 a hostname. The hostname as determined by a reverse lookup
321 will be matched (case insensitive) against the pattern. Only
322 an exact match is allowed in.
323
324
325 o
326
327
328 a hostname pattern using wildcards. These are matched using
329 the same rules as normal unix filename matching. If the
330 pattern matches then the client is allowed in.
331
332
333 You can also combine
334
335
336 The default is no
337
338
339 __hosts deny__
340
341
342 The
343
344
345 The default is no
346
347
348 __ignore errors__
349
350
351 The
352
353
354 __ignore nonreadable__
355
356
357 This tells the rsync server to completely ignore files that
358 are not readable by the user. This is useful for public
359 archives that may have some non-readable files among the
360 directories, and the sysadmin doesnt want those files to be
361 seen at all.
362
363
364 __transfer logging__
365
366
367 The
368
369
370 __log format__
371
372
373 The
374
375
376 The prefixes that are understood are:
377
378
379 o
380
381
382 %h for the remote host name
383
384
385 o
386
387
388 %a for the remote IP address
389
390
391 o
392
393
394 %l for the length of the file in bytes
395
396
397 o
398
399
400 %p for the process id of this rsync session
401
402
403 o
404
405
406 %o for the operation, which is either
407
408
409 o
410
411
412 %f for the filename
413
414
415 o
416
417
418 %P for the module path
419
420
421 o
422
423
424 %m for the module name
425
426
427 o
428
429
430 %t for the current date time
431
432
433 o
434
435
436 %u for the authenticated username (or the null
437 string)
438
439
440 o
441
442
443 %b for the number of bytes actually transferred
444
445
446 o
447
448
449 %c when sending files this gives the number of checksum
450 bytes received for this file
451
452
453 The default log format is
454
455
456 A perl script called rsyncstats to summarize this format is
457 included in the rsync source code distribution.
458
459
460 __timeout__
461
462
463 The
464
465
466 __refuse options__
467
468
469 The
470
471
472 __dont compress__
473
474
475 The
476
477
478 The
479
480
481 The default setting is
482
483
484 *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz
485 !!AUTHENTICATION STRENGTH
486
487
488 The authentication protocol used in rsync is a 128 bit MD4
489 based challenge response system. Although I believe that no
490 one has ever demonstrated a brute-force break of this sort
491 of system you should realize that this is not a
492
493
494 Also note that the rsync server protocol does not currently
495 provide any encryption of the data that is transferred over
496 the link. Only authentication is provided. Use ssh as the
497 transport if you want encryption.
498
499
500 Future versions of rsync may support SSL for better
501 authentication and encryption, but that is still being
502 investigated.
503 !!EXAMPLES
504
505
506 A simple rsyncd.conf file that allow anonymous rsync to a
507 ftp area at /home/ftp would be:
508
509
510 [[ftp]
511 path = /home/ftp
512 comment = ftp export area
513
514
515 A more sophisticated example would be:
516
517
518 uid = nobody
519 gid = nobody
520 use chroot = no
521 max connections = 4
522 syslog facility = local5
523 pid file = /var/run/rsyncd.pid
524
525
526 [[ftp]
527 path = /var/ftp/pub
528 comment = whole ftp area (approx 6.1 GB)
529 [[sambaftp]
530 path = /var/ftp/pub/samba
531 comment = Samba ftp area (approx 300 MB)
532 [[rsyncftp]
533 path = /var/ftp/pub/rsync
534 comment = rsync ftp area (approx 6 MB)
535 [[sambawww]
536 path = /public_html/samba
537 comment = Samba WWW pages (approx 240 MB)
538 [[cvs]
539 path = /data/cvs
540 comment = CVS repository (requires authentication)
541 auth users = tridge, susan
542 secrets file = /etc/rsyncd.secrets
543
544
545 The /etc/rsyncd.secrets file would look something like
546 this:
547
548
549 tridge:mypass
550 susan:herpass
551 !!FILES
552
553
554 /etc/rsyncd.conf
555 !!SEE ALSO
556
557
558 rsync(1)
559 !!DIAGNOSTICS
560 !!BUGS
561
562
563 The rsync server does not send all types of error messages
564 to the client. this means a client may be mystified as to
565 why a transfer failed. The error will have been logged by
566 syslog on the server.
567
568
569 Please report bugs! The rsync bug tracking system is online
570 at http://rsync.samba.org/
571 !!VERSION
572
573
574 This man page is current for version 2.0 of
575 rsync
576 !!CREDITS
577
578
579 rsync is distributed under the GNU public license. See the
580 file COPYING for details.
581
582
583 The primary ftp site for rsync is
584 ftp://rsync.samba.org/pub/rsync.
585
586
587 A WEB site is available at
588 http://rsync.samba.org/
589
590
591 We would be delighted to hear from you if you like this
592 program.
593
594
595 This program uses the zlib compression library written by
596 Jean-loup Gailly and Mark Adler.
597 !!THANKS
598
599
600 Thanks to Warren Stanley for his original idea and patch for
601 the rsync server. Thanks to Karsten Thygesen for his many
602 suggestions and documentation!
603 !!AUTHOR
604
605
606 rsync was written by Andrew Tridgell and Paul Mackerras.
607 They may be contacted via email at tridge@samba.org and
608 Paul.Mackerras@cs.anu.edu.au
609 ----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.