remote logging non-daemon mode

Doug Lochart dlochart at gmail.com
Fri Dec 7 19:29:22 GMT 2007


Matt,

Questions for you based on your earlier response

>
> Anyway, it's easy to do a secure rsync daemon setup with ssh connections
> and authentication.  Make a separate daemon configuration file for each
> user listing only the modules he/she is allowed to access.  Then set
> each user's forced command to invoke a single-use daemon with the
> appropriate configuration file ("rsync --daemon --server
> --config=<rsyncd-user.conf> .").  The situation for multiple single-use
> daemons sharing a single log file is exactly the same as for multiple
> concurrent connections to a background daemon: lines of output get
> intermingled, but nothing terrible happens.
>

I am going to take this approach and mix it with something else I thought of
but I still have a few questions.  I am playing with an rsync_wrapper script
that makes sure that only rsync commands are executed within the SSH shell.
I adapted the one on the rsync site.  You mention "each user's forced
command".  When you say this are you referring to the client side rsync
command OR forcing the issue within an rsync_wrapper script?

What I really would like to do is remove some of the stuff on the client
side and simply embellish the server side rsync command within the
rsync_wrapper.  I would also like to point the server to the rsync module
for that client.

So basically if this came across in SSH_ORIGINAL_COMMAND for user foo:

  rsync --log-file=/tmp/rlog --server -vlogDtpr --log-format=%o . /data/foo

I would manipulate the command to do this:

  rsync --log-file=/tmp/rlog --daemon --server -vlogDtpr --config=/home/foo/rsyncd.conf --log-format=%o . /data/foo

Can this be done OR do you recommend passing the --daemon in the
--rsync-path option from the client?

>
> You don't have to write a separate configuration file for each user
> manually.  You can force a script that generates a configuration file
> specific to the user from a global template and provides the file to the
> daemon on one of its fds.  A better alternative might be to enhance
> rsync with a --client-user=USER daemon option that makes the daemon
> assume the client is USER without performing its own authentication
> protocol.  Then all the forced commands could use a single configuration
> file but pass different --client-user options.
>
> Matt
>
>


-- 
What profits a man if he gains the whole world yet loses his soul?
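
Added example, not part of the original messages and not code from the rsync project: a forced-command wrapper in the shape Matt describes, which only compares the client's SSH_ORIGINAL_COMMAND against the expected daemon request and then starts a single-use daemon with a server-chosen per-user config. The install path, the /etc/rsyncd-users directory, the user-name argument and the exact request string matched are assumptions.

```shell
#!/bin/sh
# rsync_wrapper: forced command for rsync-over-ssh keys (added example).
# Assumed authorized_keys entry, one per key, naming the user on the server side:
#   command="/usr/local/bin/rsync_wrapper foo",no-pty,no-port-forwarding <key>
CONF_DIR=/etc/rsyncd-users   # hypothetical directory of root-owned per-user configs

# Print the daemon config path for user $1 if request $2 is acceptable; else return 1.
# The client's request is only compared, never executed or spliced into a command.
daemon_config_for() {
    # The user name becomes part of a path: allow a conservative character set only.
    case $1 in
        ''|*[!a-z0-9_-]*) return 1 ;;
    esac
    # Assumed request of a client run as "rsync -e ssh ... host::module".
    # A shell, scp, or a plain "--server" transfer with client-chosen paths is refused.
    [ "$2" = "rsync --server --daemon ." ] || return 1
    printf '%s\n' "$CONF_DIR/$1.conf"
}

main() {
    if ! conf=$(daemon_config_for "$1" "${SSH_ORIGINAL_COMMAND:-}"); then
        # Record the refusal; strip control characters so the request cannot forge log lines.
        req=$(printf '%s' "${SSH_ORIGINAL_COMMAND:-}" | tr -d '[:cntrl:]')
        logger -t rsync_wrapper "refused user=$1 request=$req" 2>/dev/null || true
        echo "rsync_wrapper: request refused" >&2
        exit 1
    fi
    # Single-use daemon limited to the modules listed in this user's config.
    exec rsync --daemon --server "--config=$conf" .
}

# Runs only when invoked with the user argument, as in the authorized_keys entry above.
if [ "$#" -gt 0 ]; then
    main "$1"
fi
```

Because the config path comes from the authorized_keys entry and not from the client, a key can only reach the modules listed in its own file.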