remote logging non-daemon mode

Doug Lochart dlochart at gmail.com
Fri Dec 7 19:57:55 GMT 2007


Never mind.  I figured it out after some trial and error.  Basically I have
my forced ssh command script intercepting the rsync call and setting the
parameters myself.

Thanks all of you for your help.  I still may have more questions but so far it
is looking good!

Doug

On Dec 7, 2007 2:29 PM, Doug Lochart <dlochart at gmail.com> wrote:

> Matt,
>
> Questions for you based on your earlier response
>
> >
> > Anyway, it's easy to do a secure rsync daemon setup with ssh connections
> > and authentication.  Make a separate daemon configuration file for each
> > user listing only the modules he/she is allowed to access.  Then set
> > each user's forced command to invoke a single-use daemon with the
> > appropriate configuration file ("rsync --daemon --server
> > --config=<rsyncd-user.conf> .").  The situation for multiple single-use
> > daemons sharing a single log file is exactly the same as for multiple
> > concurrent connections to a background daemon: lines of output get
> > intermingled, but nothing terrible happens.
> >
>
> I am going to take this approach and mix it with something else I thought
> of but I still have a few questions.  I am playing with an rsync_wrapper
> script that makes sure that only rsync commands are executed within the SSH
> shell.  I adapted the one on the rsync site.  You mention  "each user's
> forced command".  When you say this are you referring to the client side
> rsync command OR forcing the issue within an rsync_wrapper script?
>
> What I really would like to do is remove some of the stuff on the client
> side and simply embellish the server side rsync command within the
> rsync_wrapper.  I would also like to point the server to the rsync module
> for that client.
>
> So basically if this came across in SSH_ORIGINAL_COMMAND for user foo
>
>   rsync --log-file=/tmp/rlog --server -vlogDtpr --log-format=%o . /data/foo
>
> I would manipulate the command to do this:
>
>   rsync --log-file=/tmp/rlog --daemon --server -vlogDtpr --config=/home/foo/rsyncd.conf --log-format=%o . /data/foo
>
> Can this be done OR do you recommend passing the --daemon in the
> --rsync-path option from the client?
>
> >
> > You don't have to write a separate configuration file for each user
> > manually.  You can force a script that generates a configuration file
> > specific to the user from a global template and provides the file to the
> > daemon on one of its fds.  A better alternative might be to enhance
> > rsync with a --client-user=USER daemon option that makes the daemon
> > assume the client is USER without performing its own authentication
> > protocol.  Then all the forced commands could use a single configuration
> > file but pass different --client-user options.
> >
> > Matt
> >
> >
>
>
> --
> What profits a man if he gains the whole world yet loses his soul?
>



-- 
What profits a man if he gains the whole world yet loses his soul?
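
The forced-command setup discussed in this thread, sketched as an added example (not code from either poster or from the rsync project). It follows Matt's suggestion of a single-use daemon with a per-user configuration file and discards everything the client sent; the wrapper name, the /etc/rsyncd-users directory and the authorized_keys line in the comment are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper, installed per key in ~/.ssh/authorized_keys, e.g.:
#   command="/usr/local/bin/rsync_wrapper foo",no-pty,no-port-forwarding ssh-rsa AAAA...
# The user name is fixed by the server-side key entry, never by the client.

CONF_DIR=/etc/rsyncd-users   # assumed location of the per-user daemon configs

# build_server_cmd USER ORIGINAL_COMMAND
# Prints the command the server should run, or returns non-zero to refuse.
build_server_cmd() {
    user=$1
    orig=$2
    # Restrict the user name to a safe alphabet so it cannot escape CONF_DIR.
    case $user in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    # Accept only requests that start an rsync server. The second pattern
    # covers options placed before --server (e.g. via --rsync-path).
    case $orig in
        'rsync --server '*|'rsync '*' --server '*) ;;
        *) return 1 ;;
    esac
    # Client-supplied options and paths (--log-file, /data/foo, ...) are
    # dropped; the per-user config alone decides which modules are reachable.
    printf 'rsync --daemon --server --config=%s/%s.conf .\n' "$CONF_DIR" "$user"
}

# Runs only under sshd with a requested command; an interactive login
# (no SSH_ORIGINAL_COMMAND) falls through and the session simply ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    cmd=$(build_server_cmd "$1" "$SSH_ORIGINAL_COMMAND") || {
        echo "rsync_wrapper: request refused" >&2
        exit 1
    }
    # Unquoted on purpose: cmd is fixed text plus the validated user name.
    exec $cmd
fi
```

Because the client's arguments are never passed through, logging options belong in the per-user configuration file rather than in --rsync-path on the client.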
More information about the rsync mailing list