trigger command on successful upload?

Jason Haar Jason.Haar at trimble.co.nz
Wed Jun 16 03:15:00 GMT 2004


On Tue, Jun 15, 2004 at 12:56:39PM -0700, Wayne Davison wrote:
> On Tue, Jun 15, 2004 at 11:56:12AM -0700, Robert Helmer wrote:
> > It is a potential security problem
> 
> Yup, I was thinking the same thing.  One way to make your feature safer
> would be to turn it into a config-file setting (and leave the script

This whole idea smells of the Samba "postexec" style feature. If done, it
definitely should be only allowed to be defined within /etc/rsyncd.conf
(assuming rsync transport of course).

e.g.

[backup]
	path=/var/spool/backup
	preexec="/usr/local/bin/initialize /var/spool/backup/"
	postexec="/usr/local/bin/cleanup /var/spool/backup/"
	uid = root
	
That way it can run under whatever security context you define for that
given rsync "share".

Allowing the rsync client to define what remote command to run is 
WAAAAAY too insecure. Obviously, if they are running rsync over
rsh/ssh/other then a "--trigger-script=..." client option starts making
sense - but I can't see the point - you should just call that script after
doing the rsync job.

e.g.

rsync -xxxxx -e ssh src_dir remote:dst_share
ssh remote "/usr/local/bin/cleanup"

What's the difference?

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
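
The rsync-then-ssh sequence from the message above, as an added example that is not part of the original post: a wrapper that runs the remote command only when rsync exits 0. The host, paths, function name and the RSYNC/SSH override variables are assumptions for illustration.

```shell
#!/bin/sh
# Added example: trigger a fixed remote command only after a successful upload.
# The cleanup path is the placeholder used in the post; RSYNC and SSH are
# hypothetical override variables so the logic can be exercised offline.

RSYNC=${RSYNC:-rsync}
SSH=${SSH:-ssh}
REMOTE_CMD=/usr/local/bin/cleanup   # fixed in the script, never built from caller input

# upload_then_trigger SRC HOST DEST
# Returns 0 only if both the transfer and the remote command succeeded.
upload_then_trigger() {
    src=$1
    host=$2
    dest=$3
    rc=0
    # "--" stops option parsing so a source name starting with "-" is not
    # read as an rsync option.
    "$RSYNC" -a -e "$SSH" -- "$src" "$host:$dest" || rc=$?
    if [ "$rc" -ne 0 ]; then
        # Any non-zero status counts as failure, including partial
        # transfers (rsync exit codes 23 and 24): do not trigger.
        echo "rsync exited with status $rc; remote command not run" >&2
        return "$rc"
    fi
    # Same account and same ssh authentication as the transfer itself.
    "$SSH" "$host" "$REMOTE_CMD"
}

# Stand-alone use: ./upload.sh SRC HOST DEST
if [ "$#" -eq 3 ]; then
    upload_then_trigger "$@"
fi
```

The remote command runs under whatever account the ssh login maps to, so it gains nothing the client could not already do with that login.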

