[draft PATCH] whitelist support for refuse options

Wayne Davison wayne at opencoder.net
Mon May 18 05:30:03 UTC 2020

On Sun, Feb 9, 2020 at 2:06 PM Nick Cleaton via rsync <rsync at lists.samba.org>

> This adds support for whitelisting the acceptable options in the "refuse
> options" setting in rsyncd.conf. It introduces "!" as a special option
> string that refuses most options and interprets any following strings as
> patterns of options to allow.
> For example, to allow only verbose and archive:
>   refuse options = ! verbose archive

I had been thinking about doing something like this recently, so I
appreciate the patch.  I like your idea of (temporarily) using the descrip
value to keep track of what gets refused, which I also used in my
implementation. I went with a slightly different idiom of adding negated
match terms instead of using "!" to toggle into a different mode that
affects all the following match terms.

The current git now has support for things like the following:

refuse options = * !a !v

refuse options = delete-* !delete-during c

To make things easier, some vital options (such as "server" & "dry-run" &
"no-iconv") are not matched by wild-card terms, so the above refusing of
"*" leaves those options alone while still allowing someone who really,
really wants to disable --dry-run the ability to do so by specifying
"dry-run" (a non-wild match) in their refuse list. The new rsyncd.conf
manpage lists the options that are not matched by wild-cards.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/rsync/attachments/20200517/2f4675a2/attachment.htm>

More information about the rsync mailing list