strip setuid/setgid bits on backup (was Re: small security-related rsync extension)

Martin Pool mbp at
Thu Jul 11 19:11:02 EST 2002

On  8 Jul 2002, Dave Dykstra <dwd at> wrote:
> The idea of the rsync client executing programs has been descussed before
> and rejected because it could easily be done by an external program if
> rsync simply passes it filenames.  The only case I can see for having rsync
> execute programs is in the daemon; that was once approved in principle but
> nobody every implemented it.
> What we need, have long wanted, and even once had someone volunteer for
> (but it was never completed), is a major upgrade to the --log-format option
> to allow a lot more flexibility in what gets printed, and to have it work
> consistently with and without --dry-run.  This would work too with lots of
> files because the names get streamed out as they're processed.  See for
> example the thread around

I'm pretty sure I'm with Dave on this.  

I think it would be reasonable when over ssh to have a way to run a
script on the remote machine, and have that script also get a copy of
the log.


More information about the rsync mailing list