Dynamic address problem

Matthew Simpson msimpson at market-research.com
Tue Apr 30 20:29:02 EST 2002


Hi Tim,

Just so I get this right....

In the /etc/rsyncd.conf on the server end I'll put:

##
uid = matt
gid = matt
#auth users = yes
secrets file = /etc/rsyncd.secrets

[apps]
auth users = apps
path=/home/apps
read only=false
[projects]
auth users = projects
path=/home/projects
read only=true
##

Format of /etc/rsyncd.secrets:
##
[apps]
triton at host.dyndns.org:abcd
[projects]
triton at host.dyndns.org:abcd
##

chmod 600 /etc/rsyncd.secrets

On the client side:

Under unix uid: simpson

##
rsync -options --password-file=~.rsyncpw apps at host.dyndns.org::apps /home/apps
rsync -options --password-file=~.rsyncpw 
projects at host.dyndns.org::projects /home/projects
##

or in ~simpson/.bash_profile: export RSYNC_PASSWORD=abcd

~.rsyncpw:
##
abcd
##


Will this work?

Thanks,

Matt


>Not every module as such, but every rsyncd user (these are independent of
>unix UID) has a seperately defined password, and furthermore, each module
>can specify its own list of authorized rsyncd users, as well as its own
>secrets file, so you can effectively accomplish what you want.  To make it
>easier to keep track, i'd suggest one big secrets file, containing module
>names and passwords, and for each module, make auth users = module name,
>so you users will then use
>modulename at server::modulename and either --password-file= or set
>RSYNC_PASSWORD appropriately.  Of course, it would probably be easier for
>all concerned to use a single secrets file with entries for each user you
>want to let in, then control each modules access by the auth users list.
>
>Tim Conway
>tim.conway at philips.com
>303.682.4917
>Philips Semiconductor - Longmont TC
>1880 Industrial Circle, Suite D
>Longmont, CO 80501
>Available via SameTime Connect within Philips, n9hmg on AIM
>perl -e 'print pack(nnnnnnnnnnnn,
>19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970),
>".\n" '
>"There are some who call me.... Tim?"
>
>
>
>
>Matthew Simpson <msimpson at market-research.com>
>Sent by: rsync-admin at lists.samba.org
>04/28/2002 05:05 AM
>
>
>         To:     Tim Conway/LMT/SC/PHILIPS at AMEC
>         cc:     rsync at lists.samba.org
>         Subject:        Re: Dynamic address problem
>         Classification:
>
>
>
>Hi Tim
>
>Sounds good, What would the best way to do this be? Can each module
>in the rsync.conf file have a different password? I noticed the
>--password-file directive for the client side, but how do I set the
>client side to ask for a password?
>
>Matt
>
>>How about switching to password authentication?  Makes you spoof-proof.
>>Anybody who can sniff your network to get the plaintext can probably
>spoof
>>your IP anyway, so you lose no security(probably gain a bit), and this
>>doesn't have to wait for dns registration to propogate.
>>
>>Tim Conway
>>tim.conway at philips.com
>>303.682.4917
>>Philips Semiconductor - Longmont TC
>>1880 Industrial Circle, Suite D
>>Longmont, CO 80501
>>Available via SameTime Connect within Philips, n9hmg on AIM
>>perl -e 'print pack(nnnnnnnnnnnn,
>>19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970),
>>".\n" '
>>"There are some who call me.... Tim?"
>>
>>
>>
>>
>>Michael Zimmermann <zim at vegaa.de>
>>Sent by: rsync-admin at lists.samba.org
>>04/24/2002 02:13 AM
>>
>>
>>          To:     Matthew Simpson <msimpson at market-research.com>
>>rsync at lists.samba.org
>>          cc:     (bcc: Tim Conway/LMT/SC/PHILIPS)
>>          Subject:        Re: Dynamic address problem
>>          Classification:
>>
>>
>>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>At Wednesday 24 April 2002 08:19 Matthew Simpson wrote:
>>>   We have clients which dynamic IPs which we have setup with
>>>   <host>.dyndns.org addresses. We  have added these to the rsync.conf
>>>   'hosts allow=" but they are being denied access..
>>
>>
>>I assume that this could be DNS-update (resp. -actuality) Problem.
>>Are you sure, that at the moment rsync is called, the server's
>>DNS-resolver delivers the correct IP?
>>
>>
>>Greetings
>>- --
>>Michael Zimmermann (Vegaa Safety and Security for Internet Services)
>  ><zim at vegaa.de>   phone +49 89 6283 7632    hotline +49 163 823 1195
>>Key fingerprint = 1E47 7B99 A9D3 698D 7E35  9BB5 EF6B EEDB 696D 5811
>>-----BEGIN PGP SIGNATURE-----
>>Version: GnuPG v1.0.6 (GNU/Linux)
>>Comment: For info see http://www.gnupg.org
>>
>>iD8DBQE8xmku72vu22ltWBERAs8nAJ9e/d6YKhN2C6dS9gEUb3vTf0Qy+ACfScnQ
>>oFtr/HHD33pKfl1pp6LtvDY=
>>=CP1w
>>-----END PGP SIGNATURE-----
>>
>>
>>
>>
>>--
>>To unsubscribe or change options:
>>http://lists.samba.org/mailman/listinfo/rsync
>>Before posting, read:
>http://www.tuxedo.org/~esr/faqs/smart-questions.html
>
>
>--
>To unsubscribe or change options:
>http://lists.samba.org/mailman/listinfo/rsync
>Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
>
>
>
>
>--
>To unsubscribe or change options: 
>http://lists.samba.org/mailman/listinfo/rsync
>Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html





More information about the rsync mailing list