remote starting dir failsafe ?

Wayne Davison wayned at
Sat Mar 1 03:13:43 GMT 2008

On Fri, Feb 29, 2008 at 02:14:20PM -0800, Juri Mianovich wrote:
> I lay awake at night wondering what would happen if
> someone plugged in a broken $destination, and my
> nightly rsync proceeded to delete everything on the
> destination ...

You can make your script validate the args before using them. E.g.:

case "$destination" in
*\ *) echo 'no spaces allowed'; exit 1 ;;
/home/users/*) ;; # OK
*) echo 'dest not in /home/users'; exit 1 ;;

In rsync 3, you can use the --protect-args option to ensure that no
space-splitting of filenames/dirnames accidentally happens (since it
sends most of the args over the socket after the remote rsync starts).

And, as Matt pointed out, using an rsync daemon module can also help.


More information about the rsync mailing list