View Source: rsyncd.conf(5) - Waikato Linux Users Group

Edit PageHistory Diff Info LikePages
rsyncd.conf
!!!rsyncd.conf
NAME
SYNOPSIS
DESCRIPTION
FILE FORMAT
LAUNCHING THE RSYNC DAEMON
GLOBAL OPTIONS
MODULE OPTIONS
AUTHENTICATION STRENGTH
EXAMPLES
FILES
SEE ALSO
DIAGNOSTICS
BUGS
VERSION
CREDITS
THANKS
AUTHOR
----
!!NAME


rsyncd.conf - configuration file for rsync server
!!SYNOPSIS


rsyncd.conf
!!DESCRIPTION


The rsyncd.conf file is the runtime configuration file for
rsync when run with the --daemon option. When run in this
way rsync becomes a rsync server listening on TCP port 873.
Connections from rsync clients are accepted for either
anonymous or authenticated rsync sessions.


The rsyncd.conf file controls authentication, access,
logging and available modules.
!!FILE FORMAT


The file consists of modules and parameters. A module begins
with the name of the module in square brackets and continues
until the next module begins. Modules contain parameters of
the form name = value.


The file is line-based - that is, each newline-terminated
line represents either a comment, a module name or a
parameter.


Only the first equals sign in a parameter is significant.
Whitespace before or after the first equals sign is
discarded. Leading, trailing and internal whitespace in
module and parameter names is irrelevant. Leading and
trailing whitespace in a parameter value is discarded.
Internal whitespace within a parameter value is retained
verbatim.


Any line beginning with a hash (#) is ignored, as are lines
containing only whitespace.


Any line ending in a \ is


The values following the equals sign in parameters are all
either a string (no quotes needed) or a boolean, which may
be given as yes/no, 0/1 or true/false. Case is not
significant in boolean values, but is preserved in string
values.
!!LAUNCHING THE RSYNC DAEMON


The rsync daemon is launched by specifying the --daemon
option to rsync.


The daemon must run with root privileges if you wish to use
chroot, to bind to a port numbered under 1024 (as is the
default 873), or to set file ownership. Otherwise, it must
just have permission to read and write the appropriate data,
log, and lock files.


You can launch it either via inetd or as a stand-alone
daemon. If run as a daemon then just run the command


When run via inetd you should add a line like this to
/etc/services:


rsync 873/tcp


and a single line something like this to
/etc/inetd.conf:


rsync stream tcp nowait root /usr/bin/rsync rsyncd
--daemon


Replace


Note that you should not send the rsync server a HUP signal
to force it to reread the /etc/rsyncd.conf. The
file is re-read on each client connection.
!!GLOBAL OPTIONS


The first parameters in the file (before a [[module] header)
are the global parameters.


You may also include any module parameters in the global
part of the config file in which case the supplied value
will override the default for that parameter.


__motd file__


The


__log file__


The


__pid file__


The


__syslog facility__


The


__socket options__


This option can provide endless fun for people who like to
tune their systems to the utmost degree. You can set all
sorts of socket options which may make transfers faster (or
slower!). Read the man page for the setsockopt() system call
for details on some of the options you may be able to set.
By default no special socket options are set.
!!MODULE OPTIONS


After the global options you should define a number of
modules, each module exports a directory tree as a symbolic
name. Modules are exported by specifying a module name in
square brackets [[module] followed by the options for that
module.


__comment__


The


__path__


The
/etc/rsyncd.conf.


__use chroot__


If


__max connections__


The


__lock file__


The
/var/run/rsyncd.lock.


__read only__


The


__list__


The


__uid__


The


__gid__


The


__exclude__


The


Note that this option is not designed with strong security
in mind, it is quite possible that a client may find a way
to bypass this exclude list. If you want to absolutely
ensure that certain files cannot be accessed then use the
uid/gid options in combination with file
permissions.


__exclude from__


The


__include__


The


See the section of exclude patterns in the rsync man page
for information on the syntax of this option.


__include from__


The


__auth users__


The


__secrets file__


The


There is no default for the
/etc/rsyncd.secrets). The file must normally not be
readable by


__strict modes__


The


__hosts allow__


The


Each pattern can be in one of five forms:


o


a dotted decimal IP address. In this case the incoming
machines IP address must match exactly.


o


a address/mask in the form a.b.c.d/n were n is the number of
one bits in in the netmask. All IP addresses which match the
masked IP address will be allowed in.


o


a address/mask in the form a.b.c.d/e.f.g.h where e.f.g.h is
a netmask in dotted decimal notation. All IP addresses which
match the masked IP address will be allowed in.


o


a hostname. The hostname as determined by a reverse lookup
will be matched (case insensitive) against the pattern. Only
an exact match is allowed in.


o


a hostname pattern using wildcards. These are matched using
the same rules as normal unix filename matching. If the
pattern matches then the client is allowed in.


You can also combine


The default is no


__hosts deny__


The


The default is no


__ignore errors__


The


__ignore nonreadable__


This tells the rsync server to completely ignore files that
are not readable by the user. This is useful for public
archives that may have some non-readable files among the
directories, and the sysadmin doesnt want those files to be
seen at all.


__transfer logging__


The


__log format__


The


The prefixes that are understood are:


o


%h for the remote host name


o


%a for the remote IP address


o


%l for the length of the file in bytes


o


%p for the process id of this rsync session


o


%o for the operation, which is either


o


%f for the filename


o


%P for the module path


o


%m for the module name


o


%t for the current date time


o


%u for the authenticated username (or the null
string)


o


%b for the number of bytes actually transferred


o


%c when sending files this gives the number of checksum
bytes received for this file


The default log format is


A perl script called rsyncstats to summarize this format is
included in the rsync source code distribution.


__timeout__


The


__refuse options__


The


__dont compress__


The


The


The default setting is


*.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz
!!AUTHENTICATION STRENGTH


The authentication protocol used in rsync is a 128 bit MD4
based challenge response system. Although I believe that no
one has ever demonstrated a brute-force break of this sort
of system you should realize that this is not a


Also note that the rsync server protocol does not currently
provide any encryption of the data that is transferred over
the link. Only authentication is provided. Use ssh as the
transport if you want encryption.


Future versions of rsync may support SSL for better
authentication and encryption, but that is still being
investigated.
!!EXAMPLES


A simple rsyncd.conf file that allow anonymous rsync to a
ftp area at /home/ftp would be:


[[ftp]
path = /home/ftp
comment = ftp export area


A more sophisticated example would be:


uid = nobody
gid = nobody
use chroot = no
max connections = 4
syslog facility = local5
pid file = /var/run/rsyncd.pid


[[ftp]
path = /var/ftp/pub
comment = whole ftp area (approx 6.1 GB)
[[sambaftp]
path = /var/ftp/pub/samba
comment = Samba ftp area (approx 300 MB)
[[rsyncftp]
path = /var/ftp/pub/rsync
comment = rsync ftp area (approx 6 MB)
[[sambawww]
path = /public_html/samba
comment = Samba WWW pages (approx 240 MB)
[[cvs]
path = /data/cvs
comment = CVS repository (requires authentication)
auth users = tridge, susan
secrets file = /etc/rsyncd.secrets


The /etc/rsyncd.secrets file would look something like
this:


tridge:mypass
susan:herpass
!!FILES


/etc/rsyncd.conf
!!SEE ALSO


rsync(1)
!!DIAGNOSTICS
!!BUGS


The rsync server does not send all types of error messages
to the client. this means a client may be mystified as to
why a transfer failed. The error will have been logged by
syslog on the server.


Please report bugs! The rsync bug tracking system is online
at http://rsync.samba.org/
!!VERSION


This man page is current for version 2.0 of
rsync
!!CREDITS


rsync is distributed under the GNU public license. See the
file COPYING for details.


The primary ftp site for rsync is
ftp://rsync.samba.org/pub/rsync.


A WEB site is available at
http://rsync.samba.org/


We would be delighted to hear from you if you like this
program.


This program uses the zlib compression library written by
Jean-loup Gailly and Mark Adler.
!!THANKS


Thanks to Warren Stanley for his original idea and patch for
the rsync server. Thanks to Karsten Thygesen for his many
suggestions and documentation!
!!AUTHOR


rsync was written by Andrew Tridgell and Paul Mackerras.
They may be contacted via email at tridge@samba.org and
Paul.Mackerras@cs.anu.edu.au
----
2 pages link to rsyncd.conf(5):
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.
Last edited on Monday, June 3, 2002 6:56:01 pm by "perry"
Edit PageHistory Diff Info LikePages