option 'auth users' in rsyncd.conf

Alexander Dahl post at lespocky.de
Thu Jan 21 11:03:47 MST 2010

Hi there,

this is my first posting to this list, so let me quickly introduce
myself. I'm Alex and currently working on a new version of the rsync
package for the eisfair Linux distribution¹.

I have some problems understanding the behaviour of the 'auth users'
option in the rsyncd.conf file when running rsync in daemon mode. I set
up a module and a secrets file. This is the behaviour I came across:

Setting 'auth users = alice bob', 'auth users = alice,bob', and
'auth users = alice, bob' all seem to be equivalent. In each of these
three cases I can successfully connect to the daemon, which asks for a
password then. On providing a wrong password or a username different
from 'alice' or 'bob' the rsync daemon denies a connection. This is more
or less what I expected from this sentence in the manpage:

  This parameter specifies a comma and space-separated list of usernames
  that will be allowed to connect to this module.

If I omit or outcomment the 'auth users' line, everyone is allowed to
connect and this is also how I understood the manpage.

Now if I use the following line, also everyone is allowed to connect:

  auth users =

So if I don't put any username there, it's like I would have omitted the
line. This is not quite what I expected. This may be senseless but I
would have expected, the rsync daemon would deny everyone to connect
then, because he would check an empty list against the secrets file. Is
there a way to accomplish this behaviour, denying access? Or maybe a
similar behaviour without dropping the whole section of this module from
the config file and without changing any of the other parameters
configured in this module?


¹ http://www.eisfair.org/

»With the first link, the chain is forged. The first speech censured,
the first thought forbidden, the first freedom denied, chains us all
irrevocably.« (Jean-Luc Picard, quoting Judge Aaron Satie)
*** GnuPG-FP: 02C8 A590 7FE5 CA5F 3601  D1D5 8FBA 7744 CC87 10D0 ***

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/rsync/attachments/20100121/c5b4f6e4/attachment.pgp>

More information about the rsync mailing list