[path] & module options with SSH
Dave Dykstra
dwd at bell-labs.com
Thu Feb 7 04:12:16 EST 2002
On Wed, Feb 06, 2002 at 12:04:49PM -0500, Daniel Ouellet wrote:
> So, I guess this is the answer to my question as to why the config wasn't
> limiting the users.
>
> Great, thanks for that answer, but this still leaves me with how can I limit
> access to a specific portion of the file system as I put in my email to make
> sure the users only access what I would like them to access via rsync other
> than having to change the rights of each user on the server side of the
> connection?

JD Paul's patch which I previously referred to will give you what you want.

> Now as to -daemon and ssh not working together. You may be right, I don't
> know. I discovered rsync just two days ago. So, I don't know much about it yet,
> just plenty of reading, trial and error you may say!
>
> Am I understanding you correctly when you say ssh and -daemon are not
> working together when you use the :: syntax or are you saying that they just
> don't period regardless of : or ::?

":" syntax uses rsh (or ssh if you use -e ssh) to run another copy of the
rsync program on the remote side. "::" syntax skips that completely,
ignores -e, and instead connects to a daemon separately started to listen
on port 873 on the remote host. In the future, when JD Paul's patch is
accepted, the expectation will be that if you use "::" and "-e ssh"
together it will still use ssh to connect but it will run rsync -daemon
interactively so it can honor your rsyncd.conf.

Does that make it clear?

> Because, I do not have RSH, only SSH on my server and it does work for me. I
> do have to use the SSH Version 2 as I wasn't able to do it with the version 1
> and I use DSA not RSA.

That doesn't matter; "::" syntax bypasses both RSH and SSH.

> When I setup my box to use the daemon and have my cron on the client, I
> generate my key with:
>
> ssh-keygen -t dsa
>
> Does that help?
>
> I am not trying to make a debate at all, I would like to understand it
> right.
>
> You are 100% right as to the ::. That I wasn't able to and that's why in my
> email I did put the : and ask if there was a problem with SSH and rsync.
>
> I can tell you that it does work with : but not with ::, that I knocked my
> head on it a lot two nights ago! So, do you provide me the answer here as to
> why. Thanks!
>
> Finally, when you say that the -daemon doesn't see the rsync.conf, you mean
> the module portions right? As I just tested it and if I change:
>
> log file = /var/log/rsyncd.log
> pid file = /var/run/rsyncd.pid
> lock file = /var/run/rsync.lock
> read only=yes
> uid=nobody
> gid=nobody
>
> to
>
> log file = /var/log/rsyncd.logss
> pid file = /var/run/rsyncd.pid
> lock file = /var/run/rsync.lock
> read only=yes
> uid=nobody
> gid=nobody
>
> for the test, then the log file uses rsyncd.logss and I see inside:
>
> webfarm1# more /var/log/rsyncd.logss
> 2002/02/06 11:57:30 [12838] rsyncd version 2.5.2 starting, listening on port 873
>
> So, I am not sure that I follow up 100% yet.

The --daemon is seeing the rsyncd.conf, but the client never talks to
that process if you're using the ":" syntax.

- Dave Dykstra
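
The rule given in the message above, as an added example (not part of the original message and not rsync's own code): a small auditor that reads an rsync command line, such as a cron entry, and reports whether it goes through the remote shell or to the daemon, and so whether the server's rsyncd.conf is consulted. It models the behaviour described in this message for rsync without JD Paul's patch and also treats rsync:// URLs as daemon connections; the account `backup`, the module name `www` and the paths in the samples are made up.

```python
import re
import shlex

def classify_spec(spec):
    """Classify one rsync source/destination argument by its syntax."""
    if spec.startswith("rsync://"):
        return "daemon"
    # A '/' before the first ':' means the colon belongs to a local path.
    m = re.match(r"([^/:]+)(::?)", spec)
    if not m:
        return "local"
    return "daemon" if m.group(2) == "::" else "remote-shell"

def audit(command):
    """Report the transport an rsync command line selects and whether the
    server-side rsyncd.conf is consulted. Subset parser: only -e/--rsh is
    modelled; other options that take a separate value are not."""
    args = shlex.split(command)[1:]  # drop the leading 'rsync'
    shell, kinds, i = None, [], 0
    while i < len(args):
        a = args[i]
        if a.startswith("--rsh="):
            shell = a.split("=", 1)[1]
        elif (a == "--rsh" or re.fullmatch(r"-[A-Za-z]*e", a)) and i + 1 < len(args):
            shell = args[i + 1]  # "-e ssh", also bundled as "-ave ssh"
            i += 1
        elif not a.startswith("-"):
            kinds.append(classify_spec(a))
        i += 1
    transport = next((k for k in ("daemon", "remote-shell") if k in kinds), "local")
    program = (shell or "rsh").split()[0]
    return {
        "transport": transport,
        # Only "::" reaches the daemon process that read rsyncd.conf.
        "rsyncd_conf_applies": transport == "daemon",
        # "::" ignores -e, so that session is not carried by ssh.
        "over_ssh": transport == "remote-shell" and program.endswith("ssh"),
        "e_option_ignored": transport == "daemon" and shell is not None,
    }

# Constructed command lines: host name from the thread, paths and module made up.
SAMPLES = [
    "rsync -av -e ssh backup@webfarm1:/var/www/ /backup/www/",
    "rsync -av -e ssh webfarm1::www/ /backup/www/",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, "->", audit(cmd))
```
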