--exclude-from works but "exclude from" in rsyncd.conf doesn't ?

jw schultz jw at pegasys.ws
Sat May 10 21:17:11 EST 2003

On Sat, May 10, 2003 at 03:49:10AM -0700, Wayne Davison wrote:
> On Sat, May 10, 2003 at 02:18:02AM -0700, jw schultz wrote:
> > You seem to be talking about server-side "exclude" /a/ with a
> > command-line location of "server::module/a/b/c" where the whole
> > location should be barred.
> Yes.  In this case the recursion code never even checks the /a/ dir
> since it started scanning down in /a/b/.  I've just fixed this to work
> without the extra "- /kludge/**" lines my previous patch required.
> It's named the same as before:
>     http://www.blorf.net/rsync-daemon-exclude.patch
> The fix I chose was to weed out excluded args by matching them a subdir
> at a time against the exclude patterns.  The result seems to work great.
> > I'm also concerned about a server-side specified "exclude /a/b/c/d/e"
> > with a command-line location "server::module/a/b/c".
> That was fixed in my first patch.  The fix I chose is to expand all
> config-specified values to a fully-qualified path, and to extend the
> matching code to prefix relative names with the current directory when
> it is compared against these absolute-path match values.  My latest
> patch is slightly better than the first one in that it should handle
> chroot mode now (though I haven't yet tested that to be sure).

Terif! At least we will close the hole.

Just to check, the absolute-path stuff doesn't allow path
components outside of the module to be reported in any
diagnostic/verbose messages, yes?  People likely to be using
this function may be that paranoid.

> > So far as i can see the lists are not independent.  For downloads the
> > client-supplied list seems to be appended to the list from the
> > rsyncd.conf file.
> Oh yeah, I see what you mean now.  If the server list does an include of
> a filename, then the user's exclude of the filename would be ignored in
> the appended list.  Drat.  This is even more broken than I thought.

I'm not entirely sure i'm looking in the right place but at
least as an example, looking at check_exclude_file() in

        if (check_exclude(fname, local_exclude_list, st)) {
                return 1;
would be preceeded or followed by
        if (server_exclude_list && check_exclude(fname, server_exclude_list, st)) {
                return 1;

so a file would have to not be excluded by either list to

Of course this only deals with downloads.  Upload exclusion
probably needs to be in generator.c.  Having the server-side
patterns in a seperate list will make conditionalising the
tests clean.

> > > Uploads are currently unaffected by the server-side {ex,in}clude
> > > restrictions.  I'm planning to look into fixing that as well.
> > 
> > It looks like a lot of work to get right.
> Yeah, looks to be that way.  I think my current patch is a step in the
> right direction since it at least plugs the huge, gaping hole in the
> exclude list when the server tries to weed out subdirs in a directory
> tree.  If the rest proves too complicated, we should at least commit a
> fix for this problem (once it has been tested and approved).

You know this part of the code much better than i.  Hey, i
don't even use rsyncd; just ssh and occasionally local.

	J.W. Schultz            Pegasystems Technologies
	email address:		jw at pegasys.ws

		Remember Cernan and Schmitt

More information about the rsync mailing list