[path] & module options with SSH

Daniel Ouellet daniel at presscom.net
Thu Feb 7 04:04:49 EST 2002


So, I guess this is the answer to my question as to why the config wasn't
limiting the users.

Great, thanks for that answer, but this still leaves me with how can I limit
access to a specific portion of the file system as I put in my email to make
sure the users only access what I would like them to access via rsync other
than having to change the rights of each user on the server side of the
connection?

Now as to --daemon and ssh not working together. You may be right, I don't
know. I discovered rsync just two days ago. So, I don't know much about it yet,
just plenty of reading, trial and error you may say!

Am I understanding you correctly when you say ssh and --daemon are not
working together when you use the :: syntax or are you saying that they just
don't, period, regardless of : or ::?

Because, I do not have RSH, only SSH on my server and it does work for me. I
do have to use the SSH Version 2 as I wasn't able to do it with the version 1
and I use DSA not RSA.

When I setup my box to use the daemon and have my cron on the client, I
generate my key with:

ssh-keygen -t dsa

Does that help?

I am not trying to make a debate at all, I would like to understand it
right.

You are 100% right as to the ::. That I wasn't able to and that's why in my
email I did put the : and asked if there was a problem with SSH and rsync.

I can tell you that it does work with : but not with ::, and I knocked my
head on it a lot two nights ago! So, you do provide me the answer here as to
why. Thanks!

Finally, when you say that the --daemon doesn't see the rsync.conf, you mean
the module portions right? As I just tested it and if I change:

log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
read only=yes
uid=nobody
gid=nobody

to

log file = /var/log/rsyncd.logss
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
read only=yes
uid=nobody
gid=nobody

for the test, then the log file uses rsyncd.logss and I see inside:

webfarm1# more /var/log/rsyncd.logss
2002/02/06 11:57:30 [12838] rsyncd version 2.5.2 starting, listening on port 873

So, I am not sure that I follow up 100% yet.

I would appreciate if you would take a bit of your time to put light on this
for me if you have time of course!

Many thanks for your help!

Daniel


-----Original Message-----
From: rsync-admin at lists.samba.org [mailto:rsync-admin at lists.samba.org]On
Behalf Of Dave Dykstra
Sent: Wednesday, February 06, 2002 9:56 AM
To: Daniel Ouellet
Cc: rsync at lists.samba.org
Subject: Re: [path] & module options with SSH


rsync --daemon and ssh do not currently work together at all.  If you use
the syntax "hostname::module", rsync ignores the '-e ssh'.  It sounds like
you are not using the double-colon syntax so rsyncd.conf is ignored.
Someone has posted a patch that enables the two to work together but it
hasn't yet been integrated.

- Dave Dykstra


On Tue, Feb 05, 2002 at 08:45:52PM -0500, Daniel Ouellet wrote:
> Hi,
>
> I am running rsync 2.5.2 and have a server running rsync --daemon over ssh.
>
> Now, I read plenty of information on rsync, all the man & all the info on
> the rsync.samba.org + many other sites that for the most part all say the
> same with a few exceptions. Did search on google and even look at the marc
> lists. What I am looking for, unless I do not understand it and please
> correct me if that's the case, it looks like that the module section would be
> used to limit the access to specific users to a limited part of the file
> system. Example, if I have:
>
> [simple_path_name]
>    path = /rsync/files/here
>    comment = My Very Own Rsync Server
>    uid = nobody
>    gid = nobody
>    read only = no
>    list = yes
>    auth users = username
>    secrets file = /etc/rsyncd.secrets
>
> Then I would expect the users (username) to have access only to my files
> inside the /rsync/files/here, but with ssh anyway, you have access to all of
> it and only the user rights on the server will limit you. I don't know under
> RSH if that's the same or not as I only have servers with SSH, so I didn't
> test that part out.
>
> Also, the hosts allow option if I put it in the global section to limit
> access to my box, is not recognized either.
>
> I can have: hosts allow 192.168.2.2 and obviously this is not a routable IP
> and it is not my IP either, but I will still have access to the rsync
> server.
>
> So, in short, is there a place that would list the options that are not
> active under SSH?
>
> What I want to do is to limit access to some IP's, or block of IP under SSH
> and also limit access to a portion of the file system as above. I wouldn't
> mind if the auth users is not used as SSH is fine for that, but I sure would
> love if I could have limit on the file system and as a bonus if the auth
> users would recognize the user that sign up via SSH and provide access to
> the path only. Obviously the secrets file wouldn't be used in the SSH case,
> but would be used only to limit access per users.
>
> So, does that make sense or am I way off in the understanding of the system
> and the intention behind the module portion.
>
> As a last question, this is not a big deal, but I was curious as if anyone
> would know of an option that would only send out the actual name&path of the
> files transferred without the final small stats and not show the portion where
> you get the initial directory list. The reason why I am asking is that if
> so, I could plug the output of it to MySQL and log the files transferred for
> audit reason.
>
> Many thanks for your help and time!
>
> Daniel
>
>
>
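
An added example (not part of the thread and not rsync code): a small Python audit helper that applies the rule Dave Dykstra states above for rsync 2.5.2, to show which invocations are actually limited by rsyncd.conf and which fall back to plain Unix permissions. The command lines are constructed samples using the host and module names from the thread; the function names classify and audit are hypothetical.

```python
import shlex

def classify(spec):
    """Return (transport, module, path) for one rsync source/destination."""
    if spec.startswith("rsync://"):
        _host, _, modpath = spec[len("rsync://"):].partition("/")
        module, _, path = modpath.partition("/")
        return ("daemon", module, path)
    colon, slash = spec.find(":"), spec.find("/")
    # A colon that appears after the first slash is part of a local file name.
    if colon == -1 or (slash != -1 and slash < colon):
        return ("local", None, spec)
    if spec[colon:colon + 2] == "::":
        module, _, path = spec[colon + 2:].partition("/")
        return ("daemon", module, path)
    return ("remote-shell", None, spec[colon + 1:])

def audit(command):
    """List (spec, transport, note) for every remote operand of an rsync command."""
    operands, rsh, skip = [], False, False
    for arg in shlex.split(command)[1:]:
        if skip:                      # value of -e / --rsh, e.g. "ssh"
            skip = False
        elif arg == "--rsh" or (arg[:1] == "-" and arg[:2] != "--"
                                and arg.endswith("e")):
            rsh = skip = True         # covers "-e" and bundles such as "-ave"
        elif arg.startswith("--rsh="):
            rsh = True
        elif not arg.startswith("-"):
            operands.append(arg)      # other option values are not tracked here
    report = []
    for spec in operands:
        transport, module, path = classify(spec)
        if transport == "daemon":
            note = "rsyncd.conf module [%s] applies" % module
            if rsh:
                note += "; -e is ignored (per the thread), so no ssh tunnel"
        elif transport == "remote-shell":
            note = ("rsyncd.conf ignored; only the login user's file "
                    "permissions limit access to " + path)
        else:
            continue                  # local paths need no finding
        report.append((spec, transport, note))
    return report

if __name__ == "__main__":
    # Constructed sample command lines, as they might appear in a crontab.
    for cmd in ("rsync -av -e ssh webfarm1:/etc/ /backup/etc/",
                "rsync -ave ssh webfarm1::simple_path_name/ /backup/",
                "rsync -av rsync://webfarm1/simple_path_name/docs /backup/"):
        for finding in audit(cmd):
            print(finding)
```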




