Why is -e sent to the remote rsync side?
Shachar Shemesh
shachar at shemesh.biz
Mon Oct 6 16:01:46 GMT 2008
Wayne Davison wrote:
> On Sun, Oct 05, 2008 at 06:47:47AM +0200, Shachar Shemesh wrote:
>
>> The reason this is brought up is because I'm using rssh
>> (http://www.pizzashack.org/rssh/) as the user's shell to limit that
>> user to only be allowed to run rsync.
>>
>
> I looked at the source, and created a patch to make it just require the
> --server option as the first option.
>
> While I was looking at the code, I noticed that the check_command()
> function was busted in that it would accept any abbreviated path of a
> command (e.g. "/usr/bin/rs" would match "/usr/bin/rsync"). The author
> apparently didn't know that strncmp() stops at a null (unlike memcmp()),
> so the length-trimming that is done can just be removed. My patch fixes
> that too.
>
Last I talked to the rssh maintainer (about a couple of years ago) I was
so frustrated with the attitude that I decided to only use rssh until I
knock something better together myself. He (used to) care about scp and
sftp, and little else. You can send the patch over, if you're feeling
lucky. I doubt I'll bother. The only reason I brought the question up
was that if I am going to be writing something myself, I would need to
know what to make it enforce.
Personally, and this is not something that any shell can solve, I would
love for a way to limit the files that the --server side rsync allows
access to. I can then use a custom shell to pass that command line to
rsync to ensure it's enforced.
> ..wayne..
>
Shachar
More information about the rsync
mailing list