Root privilege solution

Wayne Davison wayned at samba.org
Sun Jul 3 16:01:59 GMT 2005


On Tue, Jun 28, 2005 at 07:49:58AM -0400, Tinsley, Scott S. (ManTech) CTR wrote:
> Can a daemon version of rsync using the rsyncd.conf file be configured
> to only allow access to "modules" and no other part of the remote
> side's file system?

If you're accessing the daemon through a socket, then it automatically
only allows access to modules.  If you're accessing it via a remote
shell (e.g. ssh), then you need to configure the remote shell to limit
what the user can run.  See the rrsync script for an example of this:

    http://rsync.samba.org/ftp/unpacked/rsync/support/rrsync

That script is written to enforce control on a non-daemon-using rsync.
You'd want to change it (which would simplify it a great deal) to only
allow the user to run the command "rsync --server --daemon .", which
would disallow any non-module use of that login (see the script's
comments for a general explanation of how to configure ssh to add a
restricted command to an authorized key).

..wayne..
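
Added example, not part of the original message and not the rrsync script: a minimal forced-command wrapper that permits only the daemon-over-ssh request named above. The install path /usr/local/bin/rsync-daemon-only, the --enforce argument, the function name and the key shown in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed example: ssh forced-command wrapper for daemon-only rsync access.
#
# Hypothetical entry in the restricted account's ~/.ssh/authorized_keys
# (one line; key material is a placeholder):
#   command="/usr/local/bin/rsync-daemon-only --enforce",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...PLACEHOLDER user@client
#
# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND and runs
# this script in its place. For "rsync -e ssh host::module" the client asks
# for exactly "rsync --server --daemon .".

# Succeeds only when the requested command is exactly the daemon invocation.
# A whole-string comparison means extra arguments, a different binary path or
# shell metacharacters appended to the request all fail the check.
is_daemon_request() {
    [ "$1" = "rsync --server --daemon ." ]
}

# Enforcement path: runs only when sshd invokes the wrapper with --enforce.
if [ "${1:-}" = "--enforce" ]; then
    if is_daemon_request "${SSH_ORIGINAL_COMMAND:-}"; then
        # Run a fixed argument list; the client's string is never evaluated.
        exec rsync --server --daemon .
    fi
    # Record the refused request for later review, then refuse it.
    logger -p auth.warning -t rsync-daemon-only \
        "rejected command for ${USER:-unknown}: ${SSH_ORIGINAL_COMMAND:-<none>}" \
        2>/dev/null || true
    echo "rejected: only rsync daemon access is permitted on this key" >&2
    exit 1
fi
```
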

