lewis butler lbutler+rsync at covisp.net
Sun Feb 15 12:08:36 GMT 2009

The man page says:

               This  option  allows  you  to  provide  a password in a  
file for
               accessing an rsync daemon.  The file must not be world  
               It should contain just the password as a single line.

The trouble with this is that the file then shows up like this in an ls:

2 -rw-------  1 root  wheel  9 Jan 24  2007 /var/ 
2 -rw-------  1 root  wheel 11 Jun 30  2007 /var/ 
2 -rw-------  1 root  wheel 10 Jul 14  2008 /var/ 

This tells everyone the exact length of each password (8 characters,  
10, characters, and 9 characters, respectively).

Granted, it's not MUCH of a security issue, and I guess the password- 
files can be stored somewhere out of reach, but it seems to be that it  
would be better if the password-file supported a format something like  

## Rsync Password File
# updated 20090117

server::mount	password
serv2::moun2	password

# This server is only used on tuesdays
tue::mountie	password

## EOF

First off, it would let you have multiple passwords in a single file  
and second of all, it would completely conceal the lengths of each  
password.  (or some other format, even htpasswd format)

The Salvation Army Band played and the children drunk
	lemonade and the morning lasted all day, all day.
	And through an open window came like Sinatra in a
	younger day pushing the town away

More information about the rsync mailing list