Server mode and rsyncd.conf

Glenn Eychaner geychaner at
Fri Apr 15 12:39:15 MDT 2011

On Apr 15, 2011, at 12:10 PM, Wayne Davison wrote:

> You should read the manpage section "USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL CONNECTION".  It shows you how to combine the daemon-accessing syntax (which it sounds like you aren't using) with the -e (--rsh) option to achieve an ssh daemon connection.  If you want to force this for all ssh access to that user, you need to look into using ssh forced commands (where you either force the command "rsync --server --daemon .", or you force a script that checks the $SSH_ORIGINAL_COMMAND and outputs an error if it is not that).  See also the rrsync script in the support directory that offers a non-daemon way to force an incoming rsync into read-only mode (using a forced "rrsync" command).

I've read it, I've tried it, I still get nothing; I just don't get what it is
I'm not getting here.  So let's now get into the nitty-gritty details, shall
we? For the record, I'm copying from one Mac to another; the remote Mac is the
source, and the local Mac is the target.  I've tested this using both rsync
2.6.9 (both ends) and 3.0.6 (both ends).  Let's start with a simple test:

On the local Mac, I execute the following command, just to prove I have the
SSH keys and stuff all set up right(1):

rsync -av -e "/usr/bin/ssh -i <keyfile>" --rsync-path=/usr/bin/rsync root@<remote>:. /Volumes/testimage

At the remote end, I see the following command get executed via ssh:

/usr/bin/rsync --server --sender -vlogDtpr . .

and it works without difficulty, copying the home directory for root on the
remote machine (/var/root) to the sparseimage mounted at /Volumes/testimage. 
Now, let's add an rsyncd.conf file to /var/root, which looks strikingly similar
to the simple example from the rsyncd.conf man page:

        path = /var/root
        comment = All files

and execute one of the following commands at the local end, which look just
like the example from the man page, as best I can tell:

rsync -av -e "/usr/bin/ssh -i <keyfile>" --rsync-path=/usr/bin/rsync root@<remote>::allfiles /Volumes/testimage
rsync -av -e "/usr/bin/ssh -i <keyfile> -l root" --rsync-path=/usr/bin/rsync <remote>::allfiles /Volumes/testimage

Now, I see the following executed at the remote end:

/usr/bin/rsync --server --daemon .

Which looks great. But at the local end, I see:

rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
rsync error: error in rsync protocol data stream (code 12) at /SourceCache/rsync/rsync-40/rsync/io.c(452) [receiver=2.6.9]

What am I doing wrong? It seems so simple reading the manual... I'm really
sorry if I've missed something obvious, but it's so obvious I'm just not
seeing it.

(1) Why am I playing with the root account?  Well, this all started as a
discussion with the Carbon Copy Cloner guys about how to improve the security
of their handy tool.

Thanks for any help,
Glenn Eychaner (geychaner at
Telescope Systems Programmer, Las Campanas Observatory

More information about the rsync mailing list