Limiting remote operations to a particular directory, and not above ?

Matt McCutchen matt at
Wed Oct 21 21:46:56 MDT 2009

On Wed, 2009-10-21 at 13:40 -0700, George Sanders wrote:
> I am tasked with pointing rsync transfers to valuable, live systems.
> The requirements include that this rsync job be run as root (rsync
> over ssh to the destination, as root) and that the --delete option be
> used.

> What would really make me feel better is if I could somehow tell
> rsync:
> "don't operate at all below /this/point/in/remote/filesystem"  No
> matter what.

An rsync daemon is the right tool to ensure this, without a doubt.

> (I have thought of chrooting a different sshd on the remote, but I'd
> really, really, like to keep the complexity and configuration on the
> sending end and just leave these very simple remote systems alone)

If you don't want to configure the receivers in advance, your script can
invoke a single-use daemon with the configuration data passed on the
command line, like so (bash):

function quote_args {
	# Escape existing single quotes.
	set -- "${@//$apos/$apos$bs$apos$apos}"
	# Wrap each arg in single quotes.
	set -- "${@/#/$apos}"
	set -- "${@/%/$apos}"
	# Join the args with spaces.
	echo "$*"

	path = /this/point/in/remote/filesystem
	uid = root
	gid = root
	read only = false

rsync -e ssh --rsync-path="rsync --config=<(echo $(quote_args "$CONFIG"))" \
	OPTIONS SRC ... rsync://HOST/module

Yes, this is pretty crazy, but it accomplishes what you want.


More information about the rsync mailing list