[SCM] The rsync repository. - branch master updated

Rsync CVS commit messages rsync-cvs at lists.samba.org
Wed Jul 1 17:39:31 UTC 2020 

The branch, master has been updated
       via  ce12142c Don't set systemd ProtectHome=on by default.
      from  c83a81ca Move name exceptions into the txt file.

https://git.samba.org/?p=rsync.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ce12142c459788b611da5f5d525e0486822b043a
Author: Wayne Davison <wayne at opencoder.net>
Date:   Wed Jul 1 10:40:02 2020 -0700

    Don't set systemd ProtectHome=on by default.

-----------------------------------------------------------------------

Summary of changes:
 NEWS.md                          | 10 ++++++++++
 packaging/systemd/rsync.service  |  2 +-
 packaging/systemd/rsync at .service |  2 +-
 3 files changed, 12 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/NEWS.md b/NEWS.md
index 2b192b38..e30d9903 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -39,6 +39,11 @@ Protocol: 31 (unchanged)
    also allows you to specify the value via the RSYNC_MAX_ALLOC environment
    variable.
 
+ - The default systemd config was changed to remove the `ProtectHome=on`
+   setting since rsync is often used to serve files in /home and this seemed a
+   bit too strict.  Feel free to use `systemctl edit rsync` to add that
+   restriction to your own setup, if you like.
+
  - The memory allocation functions now automatically check for a failure and
    die when out of memory.  This eliminated some caller-side check-and-die
    code and added some missing sanity-checking of allocations.
@@ -98,6 +103,11 @@ Protocol: 31 (unchanged)
 
 ### ENHANCEMENTS:
 
+ - The default systemd config was made a bit stricter by default.  For
+   instance, `ProtectHome=on` was added.  You can override this using the
+   standard `systemctl edit rsync` and add a line to turn that off under a
+   `[Service]` heading.
+
  - The use of `--backup-dir=STR` now implies `--backup`.
 
  - Added `--zl=NUM` as a short-hand for `--compress-level=NUM`.
diff --git a/packaging/systemd/rsync.service b/packaging/systemd/rsync.service
index fafe72b3..5955db9e 100644
--- a/packaging/systemd/rsync.service
+++ b/packaging/systemd/rsync.service
@@ -23,7 +23,7 @@ RestartSec=1
 # See systemd.unit(5) and search for "drop-in" for full details.
 
 ProtectSystem=full
-ProtectHome=on
+#ProtectHome=on
 PrivateDevices=on
 NoNewPrivileges=on
 
diff --git a/packaging/systemd/rsync at .service b/packaging/systemd/rsync at .service
index e1f48da8..3168cb61 100644
--- a/packaging/systemd/rsync at .service
+++ b/packaging/systemd/rsync at .service
@@ -23,6 +23,6 @@ StandardError=journal
 # See systemd.unit(5) and search for "drop-in" for full details.
 
 ProtectSystem=full
-ProtectHome=on
+#ProtectHome=on
 PrivateDevices=on
 NoNewPrivileges=on


-- 
The rsync repository.

More information about the rsync-cvs mailing list