--exclude-from works but "exclude from" in rsyncd.conf doesn't ?

jw schultz jw at pegasys.ws
Sat May 10 13:02:08 EST 2003 

On Fri, May 09, 2003 at 07:33:50PM -0700, Wayne Davison wrote:
> On Fri, May 09, 2003 at 05:13:27PM -0400, Carson Gaspar wrote:
> > Except it doesn't always, because the server doesn't canonicalize pathnames 
> > when a client requests a file via rsync::
> 
> Thanks for reminding me of this bug.  I've created a patch that fixes
> the problem.  This is relative to the CVS version:
> 
>     http://www.blorf.net/rsync-daemon-exclude.patch
> 
> When specifying daemon exclusions, you still need to be extra careful to
> make your excludes more powerful than normal.  For instance.  If you
> just say this, it won't be enough:
> 
> - /foo/
> - /bar/baz/
> 
> This will stop the user's request if they ask for host::module/foo or
> host::module/bar/baz, but if they add even just a trailing slash, rsync
> will start matching /foo/FILE names, and that doesn't match the
> exclusion.
> 
> What you need to specify is this:
> 
> - /foo/
> - /foo/**
> - /bar/baz/
> - /bar/baz/**
> 
> Doing that will make it impossible for the user to access any of the
> excluded directories, no matter how the user tries to reference them.

s/access/download/

This option set is pretty well broken.  I'll acknowledge the
value in canonicalising it but unless it is changed to
really have behave like the command-line options i have my
doubts of the value of the effort.  Having the behaviour of
directory entries differ as this patch does seems awkward.

I can see two ways of fixing this.  Both still depend on
canonicalisation.

The first, is to have this list sent to the client for
uploads.  I don't much care for this option.  It presumes a
good way to merge this into a client supplied list and i
don't think there is one.

Better is for the server to apply this exclude list
independently from the client supplied one such that
exclusion in either list will apply.

For downloads flist would check both lists.  For uploads
generator would check this list.


-- 
________________________________________________________________
	J.W. Schultz            Pegasystems Technologies
	email address:		jw at pegasys.ws

		Remember Cernan and Schmitt

More information about the rsync mailing list