[path] & module options with SSH

Daniel Ouellet daniel at presscom.net
Wed Feb 6 12:45:52 EST 2002


Hi,

I am running rsync 2.5.2 and have a server running rsync --daemon over ssh.

Now, I read plenty of information on rsync, all the man & all the info on
the rsync.samba.org + many other sites that for the most part all say the
same with a few exceptions. I did search on Google and even looked at the MARC
lists. What I am looking for, unless I do not understand it and please
correct me if that's the case: it looks like the module section would be
used to limit the access of specific users to a limited part of the file
system. Example, if I have:

[simple_path_name]
   path = /rsync/files/here
   comment = My Very Own Rsync Server
   uid = nobody
   gid = nobody
   read only = no
   list = yes
   auth users = username
   secrets file = /etc/rsyncd.secrets

Then I would expect the user (username) to have access only to my files
inside the /rsync/files/here, but with ssh anyway, you have access to all of
it and only the user rights on the server will limit you. I don't know under
RSH if that's the same or not as I only have servers with SSH, so I didn't
test that part out.

Also, the hosts allow option, if I put it in the global section to limit
access to my box, is not recognized either.

I can have: hosts allow 192.168.2.2 and obviously this is not a routable IP
and it is not my IP either, but I will still have access to the rsync
server.

So, in short, is there a place that would list the options that are not
active under SSH?

What I want to do is to limit access to some IPs, or blocks of IPs, under SSH
and also limit access to a portion of the file system as above. I wouldn't
mind if the auth users is not used, as SSH is fine for that, but I sure would
love it if I could have a limit on the file system and, as a bonus, if the auth
users would recognize the user that signs up via SSH and provide access to
the path only. Obviously the secrets file wouldn't be used in the SSH case,
but would be used only to limit access per user.

So, does that make sense, or am I way off in the understanding of the system
and the intention behind the module portion?

As a last question, this is not a big deal, but I was curious as to whether
anyone would know of an option that would only send out the actual name & path
of the files transferred, without the final small stats and without showing the
portion where you get the initial directory list. The reason why I am asking is
that if so, I could plug the output of it into MySQL and log the file transfers
for audit reasons.

Many thanks for your help and time!

Daniel
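
The two limits asked for above (source addresses and a single directory) can be enforced at the SSH layer with an sshd forced command; what follows is an added example, not part of the original post and not code from the rsync project. The script name rsync-jail, the client address, the key placeholder and the option allowlist are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): sshd forced-command wrapper that keeps
# rsync-over-SSH inside one directory. Assumed authorized_keys entry, with a
# constructed client address and a placeholder key:
#   from="192.0.2.10",command="/usr/local/bin/rsync-jail",no-pty,no-port-forwarding ssh-ed25519 <KEY> backup
JAIL=/rsync/files/here   # the module path from the post

# allowed CMD: status 0 only for "rsync --server [opts] . PATH..." where every
# option is on a short allowlist and every PATH is $JAIL or below it.
allowed() {
    case $1 in *[!A-Za-z0-9\ ._/-]*) return 1 ;; esac  # conservative character set
    set -f; set -- $1; set +f                          # split on blanks, no globbing
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    while [ $# -gt 0 ] && [ "$1" != . ]; do
        case $1 in
            --sender|--delete|--partial|--numeric-ids) ;;
            --*) return 1 ;;                   # e.g. --log-file, --files-from
            -?*) flags=${1#-}
                flags=${flags%%e*}             # text after "e" is protocol info
                case $flags in *[!vlogDtprzcu]*) return 1 ;; esac ;;
            *) return 1 ;;
        esac
        shift
    done
    [ "$1" = . ] || return 1                   # "." separates options from paths
    shift
    [ $# -gt 0 ] || return 1                   # paths must be visible here
    for p in "$@"; do
        case $p in
            */../*|*/..) return 1 ;;           # no climbing out with ".."
            "$JAIL"|"$JAIL"/*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Under sshd: run the client's request if it passes, otherwise log and refuse.
if [ -n "${SSH_ORIGINAL_COMMAND+x}" ]; then
    if allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND
    fi
    logger -p auth.warning "rsync-jail: refused ${SSH_CLIENT%% *}: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

The check works on the command string only: symlinks inside the directory that point elsewhere are not covered, and a client that sends options outside the allowlist is refused until the list is extended.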






