Enhanced authentication and authorization in rsyncd
amir.rapson at gmail.com
Wed Aug 26 08:52:23 MDT 2009
I added a few things to allow the rsync daemon more refined
authorization and authentication than the current implementation.
The attached patch file is against the 3.0.6 version.

1. allow the uid and gid used to access a certain module to be
   determined by the authenticated user -
     uid = __auth__ will use the auth_user's uid
     gid = __auth__ will use the auth user's main group's gid
2. seteuid and not just setuid
3. added "rw users" to allow read/write access to a module, "ro users"
   to allow read only access to a module and "deny users".
   "read only" on the module overrides the user's authorization.
4. added support for groups - with a '@' prefix. For instance: "auth
   users = tridge, susan, @rsync_users"

1. If the ACL contains a user-specific rule that matches the user,
   then the user is granted rights according to this rule (including
   denying access if the permission is none).
2. If the ACL contains a group-rule that denies access of a group the
   user belongs to (permission=none), then access is denied.
3. If the ACL contains a group-rule that grants read/write access to a
   group the user belongs to, then the user gets read/write access
4. If the ACL contains a group-rule that grants read-only access to a
   group the user belongs to, then the user gets read-only access
5. The user is authorized access (for backward compatibility with
   older rsync versions)

Please consider committing this patch for future releases of rsync.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 10455 bytes
Desc: not available
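
The five-step rule order described in the message, modelled as a small C function so the precedence can be checked against a sample ACL. This is an added example, not code from the post or from the scrubbed patch. Assumptions: the names acl_check, struct rule and PERM_DEFAULT, the groups "admins" and "contractors", and the users bob, alice, carol and dave are hypothetical; a user named in more than one user rule gets the first one in list order, which the message does not specify.

```c
#include <stdio.h>
#include <string.h>

enum perm { PERM_NONE, PERM_RO, PERM_RW, PERM_DEFAULT };
struct rule { const char *name; enum perm perm; };  /* "@name" is a group rule */

/* Constructed sample: rw users = susan, @admins; ro users = @rsync_users;
 * deny users = tridge, @contractors ("admins"/"contractors" are made up). */
static const struct rule sample_acl[] = {
    {"susan", PERM_RW}, {"@admins", PERM_RW}, {"@rsync_users", PERM_RO},
    {"tridge", PERM_NONE}, {"@contractors", PERM_NONE},
};
enum { SAMPLE_N = sizeof sample_acl / sizeof sample_acl[0] };

static int in_groups(const char *g, const char *const *groups, int n)
{
    for (int i = 0; i < n; i++)
        if (strcmp(g, groups[i]) == 0) return 1;
    return 0;
}

/* Apply the five steps in order; groups[] is the user's group list. */
enum perm acl_check(const struct rule *acl, int nrules, const char *user,
                    const char *const *groups, int ngroups)
{
    int g_none = 0, g_rw = 0, g_ro = 0;
    for (int i = 0; i < nrules; i++) {
        if (acl[i].name[0] != '@') {
            if (strcmp(acl[i].name, user) == 0)
                return acl[i].perm;      /* step 1: user rule beats any group rule */
        } else if (in_groups(acl[i].name + 1, groups, ngroups)) {
            if (acl[i].perm == PERM_NONE) g_none = 1;
            else if (acl[i].perm == PERM_RW) g_rw = 1;
            else if (acl[i].perm == PERM_RO) g_ro = 1;
        }
    }
    if (g_none) return PERM_NONE;        /* step 2: a group deny beats group grants */
    if (g_rw) return PERM_RW;            /* step 3 */
    if (g_ro) return PERM_RO;            /* step 4 */
    return PERM_DEFAULT;                 /* step 5: no rule matched, access allowed */
}

int main(void)
{
    const char *const g[] = {"admins", "contractors"};  /* constructed groups */
    printf("bob -> %d\n", acl_check(sample_acl, SAMPLE_N, "bob", g, 2));
    return 0;
}
```

Step 5 is the case to audit when deploying rules like these: a user who matches no rule and belongs to no listed group is still let in, so a module that must be closed by default needs "auth users" or an explicit deny rule covering everyone else.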