trigger command on successful upload?

Jason Haar Jason.Haar at
Wed Jun 16 03:15:00 GMT 2004

On Tue, Jun 15, 2004 at 12:56:39PM -0700, Wayne Davison wrote:
> On Tue, Jun 15, 2004 at 11:56:12AM -0700, Robert Helmer wrote:
> > It is a potential security problem
> Yup, I was thinking the same thing.  One way to make your feature safer
> would be to turn it into a config-file setting (and leave the script

This whole idea smells of the Samba "postexec" style feature. If done, it
definitely should be only allowed to be defined within /etc/rsyncd.conf
(assuming rsync transport of course).


	preexec="/usr/local/bin/initialize /var/spool/backup/"
	postexec="/usr/local/bin/cleanup /var/spool/backup/"
	uid = root
That way it can run under whatever security context you define for that
given rsync "share".

Allowing the rsync client to define what remote command to run is 
WAAAAAY too insecure. Obviously, if they are running rsync over
rsh/ssh/other then a "--trigger-script=..." client option starts making
sense - but I can't see the point - you should just call that script after
doing the rsync job


rsync -xxxxx -e ssh src_dir remote:dst_share
ssh remote "/usr/local/bin/cleanup"

what's the difference?


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

More information about the rsync mailing list