<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Mar 11, 2022 at 10:22 PM Kevin Korb via rsync <<a href="mailto:rsync@lists.samba.org">rsync@lists.samba.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Rsync includes a script named rrsync that handles this perfectly.<br></blockquote><div><br></div><div>And authprogs provides similar functionality, though you use yaml to define what is/isn't allowed. However it does allow you to use one SSH identity for potentially many different source dirs rather than requiring a separate authorized_key entry for each forced command.</div><div><br></div><div>example:</div><div><font face="monospace"><br></font></div><div><font face="monospace">- rule_type: rsync<br> allow_donwload: true<br> allow_recursive: true<br> paths:<br> - /etc<br></font></div><div><font face="monospace"> - /srv/freezeray</font></div><div><font face="monospace"> path_startswith:</font></div><div><font face="monospace"> - /srv/web</font></div><div><br></div><div><a href="https://github.com/daethnir/authprogs/blob/main/doc/authprogs.md#rsync-subrules">https://github.com/daethnir/authprogs/blob/main/doc/authprogs.md#rsync-subrules</a><br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
On 3/12/22 01:08, Richard Hector via rsync wrote:<br>
> On 12/03/22 18:38, Richard Hector via rsync wrote:<br>
>> And I do my backups (using dirvish) as root, using a key with a forced <br>
>> command.<br>
> <br>
> FWIW, that forced command is here:<br>
> <br>
> <a href="https://github.com/rwhector/dirvish-forced-command" rel="noreferrer" target="_blank">https://github.com/rwhector/dirvish-forced-command</a><br>
> <br>
> It's rather unpolished and undocumented, but comments very welcome :-)<br>
> <br>
> I've also had an issue due to some server-side-only arguments to rsync <br>
> being undocumented, which means I can't validate them, and basically <br>
> have to accept anything ... I'd love to know why this is or has to be <br>
> the case :-) I didn't get any particularly useful answers back in <br>
> January 2019 ...<br>
> <br>
> Cheers,<br>
> Richard<br>
> <br>
<br>
-- <br>
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,<br>
Kevin Korb Phone: (407) 252-6853<a href="http://voice.google.com/calls?a=nc,%2B14072526853" class="gv-tel-link" target="_blank" rel="noopener" title="Call +1 407-252-6853 via Google Voice"></a><br>
Systems Administrator Internet:<br>
FutureQuest, Inc. Kevin@FutureQuest.net (work)<br>
Orlando, Florida <a href="mailto:kmk@sanitarium.net" target="_blank">kmk@sanitarium.net</a> (personal)<br>
Web page: <a href="https://sanitarium.net/" rel="noreferrer" target="_blank">https://sanitarium.net/</a><br>
PGP public key available on web site.<br>
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,<br>
<br>
-- <br>
Please use reply-all for most replies to avoid omitting the mailing list.<br>
To unsubscribe or change options: <a href="https://lists.samba.org/mailman/listinfo/rsync" rel="noreferrer" target="_blank">https://lists.samba.org/mailman/listinfo/rsync</a><br>
Before posting, read: <a href="http://www.catb.org/~esr/faqs/smart-questions.html" rel="noreferrer" target="_blank">http://www.catb.org/~esr/faqs/smart-questions.html</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><span style="font-size:12.8px">Bri Hatch</span><br></div><div><br></div><div>"Quite mad, they say. It is good that Zathras does not mind. He's even grown<br> to like it. Oh yes."<span style="font-size:12.8px"><br></span></div></div></div></div>