78
79
config file in which case the supplied value will override the
79
80
default for that parameter.
82
You may use references to environment variables in the values of parameters.
83
String parameters will have %VAR% references expanded as late as possible (when
84
the string is used in the program), allowing for the use of variables that
85
rsync sets at connection time, such as RSYNC_USER_NAME. Non-string parameters
86
(such as true/false settings) are expanded when read from the config file. If
87
a variable does not exist in the environment, or if a sequence of characters is
88
not a valid reference (such as an un-paired percent sign), the raw characters
89
are passed through unchanged. This helps with backward compatibility and
90
safety (e.g. expanding a non-existent %VAR% to an empty string in a path could
91
result in a very unsafe path). The safest way to insert a literal % into a
82
95
dit(bf(motd file)) This parameter allows you to specify a
83
96
"message of the day" to display to clients on each connect. This
84
97
usually contains site information and any legal notices. The default
99
This can be overridden by the bf(--dparam=motdfile=FILE)
100
command-line option when starting the daemon.
87
102
dit(bf(pid file)) This parameter tells the rsync daemon to write
88
103
its process ID to that file. If the file already exists, the rsync
89
104
daemon will abort rather than overwrite the file.
105
This can be overridden by the bf(--dparam=pidfile=FILE)
106
command-line option when starting the daemon.
91
108
dit(bf(port)) You can override the default port the daemon will listen on
92
109
by specifying this value (defaults to 873). This is ignored if the daemon
293
330
be possible if file permissions on the daemon side allow them. The default
294
331
is for all modules to be read only.
333
Note that "auth users" can override this setting on a per-user basis.
296
335
dit(bf(write only)) This parameter determines whether clients
297
336
will be able to download files or not. If "write only" is true then any
298
337
attempted downloads will fail. If "write only" is false then downloads
299
338
will be possible if file permissions on the daemon side allow them. The
300
339
default is for this parameter to be disabled.
302
dit(bf(list)) This parameter determines if this module should be
303
listed when the client asks for a listing of available modules. By
304
setting this to false you can create hidden modules. The default is
305
for modules to be listable.
341
dit(bf(list)) This parameter determines whether this module is
342
listed when the client asks for a listing of available modules. In addition,
343
if this is false, the daemon will pretend the module does not exist
344
when a client denied by "hosts allow" or "hosts deny" attempts to access it.
345
Realize that if "reverse lookup" is disabled globally but enabled for the
346
module, the resulting reverse lookup to a potentially client-controlled DNS
347
server may still reveal to the client that it hit an existing module.
348
The default is for modules to be listable.
307
350
dit(bf(uid)) This parameter specifies the user name or user ID that
308
351
file transfers to and from that module should take place as when the daemon
309
352
was run as root. In combination with the "gid" parameter this determines what
310
file permissions are available. The default is uid -2, which is normally
313
dit(bf(gid)) This parameter specifies the group name or group ID that
314
file transfers to and from that module should take place as when the daemon
315
was run as root. This complements the "uid" parameter. The default is gid -2,
316
which is normally the group "nobody".
353
file permissions are available. The default when run by a super-user is to
354
switch to the system's "nobody" user. The default for a non-super-user is to
355
not try to change the user. See also the "gid" parameter.
357
The RSYNC_USER_NAME environment variable may be used to request that rsync run
358
as the authorizing user. For example, if you want a rsync to run as the same
359
user that was received for the rsync authentication, this setup is useful:
361
verb( uid = %RSYNC_USER_NAME%
364
dit(bf(gid)) This parameter specifies one or more group names/IDs that will be
365
used when accessing the module. The first one will be the default group, and
366
any extra ones be set as supplemental groups. You may also specify a "*" as
367
the first gid in the list, which will be replaced by all the normal groups for
368
the transfer's user (see "uid"). The default when run by a super-user is to
369
switch to your OS's "nobody" (or perhaps "nogroup") group with no other
370
supplementary groups. The default for a non-super-user is to not change any
371
group attributes (and indeed, your OS may not allow a non-super-user to try to
372
change their group settings).
318
374
dit(bf(fake super)) Setting "fake super = yes" for a module causes the
319
375
daemon side to behave as if the bf(--fake-super) command-line option had
388
444
See the description of the bf(--chmod) rsync option and the bf(chmod)(1)
389
445
manpage for information on the format of this string.
391
dit(bf(auth users)) This parameter specifies a comma and
392
space-separated list of usernames that will be allowed to connect to
447
dit(bf(auth users)) This parameter specifies a comma and/or space-separated
448
list of authorization rules. In its simplest form, you list the usernames
449
that will be allowed to connect to
393
450
this module. The usernames do not need to exist on the local
394
system. The usernames may also contain shell wildcard characters. If
451
system. The rules may contain shell wildcard characters that will be matched
452
against the username provided by the client for authentication. If
395
453
"auth users" is set then the client will be challenged to supply a
396
454
username and password to connect to the module. A challenge response
397
455
authentication protocol is used for this exchange. The plain text
399
457
"secrets file" parameter. The default is for all users to be able to
400
458
connect without a password (this is called "anonymous rsync").
460
In addition to username matching, you can specify groupname matching via a '@'
461
prefix. When using groupname matching, the authenticating username must be a
462
real user on the system, or it will be assumed to be a member of no groups.
463
For example, specifying "@rsync" will match the authenticating user if the
464
named user is a member of the rsync group.
466
Finally, options may be specified after a colon (:). The options allow you to
467
"deny" a user or a group, set the access to "ro" (read-only), or set the access
468
to "rw" (read/write). Setting an auth-rule-specific ro/rw setting overrides
469
the module's "read only" setting.
471
Be sure to put the rules in the order you want them to be matched, because the
472
checking stops at the first matching user or group, and that is the only auth
473
that is checked. For example:
475
verb( auth users = joe:deny @guest:deny admin:rw @rsync:ro susan joe sam )
477
In the above rule, user joe will be denied access no matter what. Any user
478
that is in the group "guest" is also denied access. The user "admin" gets
479
access in read/write mode, but only if the admin user is not in group "guest"
480
(because the admin user-matching rule would never be reached if the user is in
481
group "guest"). Any other user who is in group "rsync" will get read-only
482
access. Finally, users susan, joe, and sam get the ro/rw setting of the
483
module, but only if the user didn't match an earlier group-matching rule.
485
See the description of the secrets file for how you can have per-user passwords
486
as well as per-group passwords. It also explains how a user can authenticate
487
using their user password or (when applicable) a group password, depending on
488
what rule is being authenticated.
402
490
See also the section entitled "USING RSYNC-DAEMON FEATURES VIA A REMOTE
403
491
SHELL CONNECTION" in bf(rsync)(1) for information on how handle an
404
492
rsyncd.conf-level username that differs from the remote-shell-level
405
493
username when using a remote shell to connect to an rsync daemon.
407
dit(bf(secrets file)) This parameter specifies the name of
408
a file that contains the username:password pairs used for
409
authenticating this module. This file is only consulted if the "auth
410
users" parameter is specified. The file is line based and contains
411
username:password pairs separated by a single colon. Any line starting
412
with a hash (#) is considered a comment and is skipped. The passwords
413
can contain any characters but be warned that many operating systems
414
limit the length of passwords that can be typed at the client end, so
415
you may find that passwords longer than 8 characters don't work.
495
dit(bf(secrets file)) This parameter specifies the name of a file that contains
496
the username:password and/or @groupname:password pairs used for authenticating
497
this module. This file is only consulted if the "auth users" parameter is
498
specified. The file is line-based and contains one name:password pair per
499
line. Any line has a hash (#) as the very first character on the line is
500
considered a comment and is skipped. The passwords can contain any characters
501
but be warned that many operating systems limit the length of passwords that
502
can be typed at the client end, so you may find that passwords longer than 8
503
characters don't work.
505
The use of group-specific lines are only relevant when the module is being
506
authorized using a matching "@groupname" rule. When that happens, the user
507
can be authorized via either their "username:password" line or the
508
"@groupname:password" line for the group that triggered the authentication.
510
It is up to you what kind of password entries you want to include, either
511
users, groups, or both. The use of group rules in "auth users" does not
512
require that you specify a group password if you do not want to use shared
417
515
There is no default for the "secrets file" parameter, you must choose a name
418
516
(such as tt(/etc/rsyncd.secrets)). The file must normally not be readable
419
by "other"; see "strict modes".
517
by "other"; see "strict modes". If the file is not found or is rejected, no
518
logins for a "user auth" module will be possible.
421
520
dit(bf(strict modes)) This parameter determines whether or not
422
521
the permissions on the secrets file will be checked. If "strict modes" is
443
542
IP address and maskaddr is the netmask in dotted decimal notation for IPv4,
444
543
or similar for IPv6, e.g. ffff:ffff:ffff:ffff:: instead of /64. All IP
445
544
addresses which match the masked IP address will be allowed in.
446
it() a hostname. The hostname as determined by a reverse lookup will
447
be matched (case insensitive) against the pattern. Only an exact
449
it() a hostname pattern using wildcards. These are matched using the
450
same rules as normal unix filename matching. If the pattern matches
451
then the client is allowed in.
545
it() a hostname pattern using wildcards. If the hostname of the connecting IP
546
(as determined by a reverse lookup) matches the wildcarded name (using the
547
same rules as normal unix filename matching), the client is allowed in. This
548
only works if "reverse lookup" is enabled (the default).
549
it() a hostname. A plain hostname is matched against the reverse DNS of the
550
connecting IP (if "reverse lookup" is enabled), and/or the IP of the given
551
hostname is matched against the connecting IP (if "forward lookup" is
552
enabled, as it is by default). Any match will be allowed in.
454
555
Note IPv6 link-local addresses can have a scope in the address specification:
477
578
The default is no "hosts deny" parameter, which means all hosts can connect.
580
dit(bf(reverse lookup)) Controls whether the daemon performs a reverse lookup
581
on the client's IP address to determine its hostname, which is used for
582
"hosts allow"/"hosts deny" checks and the "%h" log escape. This is enabled by
583
default, but you may wish to disable it to save time if you know the lookup will
584
not return a useful result, in which case the daemon will use the name
585
"UNDETERMINED" instead.
587
If this parameter is enabled globally (even by default), rsync performs the
588
lookup as soon as a client connects, so disabling it for a module will not
589
avoid the lookup. Thus, you probably want to disable it globally and then
590
enable it for modules that need the information.
592
dit(bf(forward lookup)) Controls whether the daemon performs a forward lookup
593
on any hostname specified in an hosts allow/deny setting. By default this is
594
enabled, allowing the use of an explicit hostname that would not be returned
595
by reverse DNS of the connecting IP.
479
597
dit(bf(ignore errors)) This parameter tells rsyncd to
480
598
ignore I/O errors on the daemon when deciding whether to run the delete
481
599
phase of the transfer. Normally rsync skips the bf(--delete) step if any
502
620
sequences prefixed with a percent (%) character. An optional numeric
503
621
field width may also be specified between the percent and the escape
504
622
letter (e.g. "bf(%-50n %8l %07p)").
623
In addition, one or more apostrophes may be specified prior to a numerical
624
escape to indicate that the numerical value should be made more human-readable.
625
The 3 supported levels are the same as for the bf(--human-readable)
626
command-line option, though the default is for human-readability to be off.
627
Each added apostrophe increases the level (e.g. "bf(%''l %'b %f)").
506
629
The default log format is "%o %h [%a] %m (%u) %f %l", and a "%t [%p] "
507
630
is always prefixed when using the "log file" parameter.
512
635
The single-character escapes that are understood are as follows:
514
637
quote(itemization(
515
it() %a the remote IP address
638
it() %a the remote IP address (only available for a daemon)
516
639
it() %b the number of bytes actually transferred
517
640
it() %B the permission bits of the file (e.g. rwxrwxrwt)
518
641
it() %c the total size of the block checksums received for the basis file (only when sending)
642
it() %C the full-file MD5 checksum if bf(--checksum) is enabled or a file was transferred (only for protocol 30 or above).
519
643
it() %f the filename (long form on sender; no trailing "/")
520
644
it() %G the gid of the file (decimal) or "DEFAULT"
521
it() %h the remote host name
645
it() %h the remote host name (only available for a daemon)
522
646
it() %i an itemized list of what is being updated
523
647
it() %l the length of the file in bytes
524
648
it() %L the string " -> SYMLINK", " => HARDLINK", or "" (where bf(SYMLINK) or bf(HARDLINK) is a filename)
590
714
dit(bf(pre-xfer exec), bf(post-xfer exec)) You may specify a command to be run
591
715
before and/or after the transfer. If the bf(pre-xfer exec) command fails, the
592
transfer is aborted before it begins.
716
transfer is aborted before it begins. Any output from the script on stdout (up
717
to several KB) will be displayed to the user when aborting, but is NOT
718
displayed if the script returns success. Any output from the script on stderr
719
goes to the daemon's stderr, which is typically discarded (though see
720
--no-detatch option for a way to see the stderr output, which can assist with
594
723
The following environment variables will be set, though some are
595
724
specific to the pre-xfer or the post-xfer environment:
602
731
it() bf(RSYNC_USER_NAME): The accessing user's name (empty if no user).
603
732
it() bf(RSYNC_PID): A unique number for this transfer.
604
733
it() bf(RSYNC_REQUEST): (pre-xfer only) The module/path info specified
605
by the user (note that the user can specify multiple source files,
606
so the request can be something like "mod/path1 mod/path2", etc.).
734
by the user. Note that the user can specify multiple source files,
735
so the request can be something like "mod/path1 mod/path2", etc.
607
736
it() bf(RSYNC_ARG#): (pre-xfer only) The pre-request arguments are set
608
in these numbered values. RSYNC_ARG0 is always "rsyncd", and the last
609
value contains a single period.
737
in these numbered values. RSYNC_ARG0 is always "rsyncd", followed by
738
the options that were used in RSYNC_ARG1, and so on. There will be a
739
value of "." indicating that the options are done and the path args
740
are beginning -- these contain similar information to RSYNC_REQUEST,
741
but with values separated and the module name stripped off.
610
742
it() bf(RSYNC_EXIT_STATUS): (post-xfer only) the server side's exit value.
611
743
This will be 0 for a successful run, a positive value for an error that the
612
744
server generated, or a -1 if rsync failed to exit properly. Note that an
756
manpagesection(CONFIG DIRECTIVES)
758
There are currently two config directives available that allow a config file to
759
incorporate the contents of other files: bf(&include) and bf(&merge). Both
760
allow a reference to either a file or a directory. They differ in how
761
segregated the file's contents are considered to be.
763
The bf(&include) directive treats each file as more distinct, with each one
764
inheriting the defaults of the parent file, starting the parameter parsing
765
as globals/defaults, and leaving the defaults unchanged for the parsing of
766
the rest of the parent file.
768
The bf(&merge) directive, on the other hand, treats the file's contents as
769
if it were simply inserted in place of the directive, and thus it can set
770
parameters in a module started in another file, can affect the defaults for
773
When an bf(&include) or bf(&merge) directive refers to a directory, it will read
774
in all the bf(*.conf) or bf(*.inc) files (respectively) that are contained inside
775
that directory (without any
776
recursive scanning), with the files sorted into alpha order. So, if you have a
777
directory named "rsyncd.d" with the files "foo.conf", "bar.conf", and
778
"baz.conf" inside it, this directive:
780
verb( &include /path/rsyncd.d )
782
would be the same as this set of directives:
784
verb( &include /path/rsyncd.d/bar.conf
785
&include /path/rsyncd.d/baz.conf
786
&include /path/rsyncd.d/foo.conf )
788
except that it adjusts as files are added and removed from the directory.
790
The advantage of the bf(&include) directive is that you can define one or more
791
modules in a separate file without worrying about unintended side-effects
792
between the self-contained module files.
794
The advantage of the bf(&merge) directive is that you can load config snippets
795
that can be included into multiple module definitions, and you can also set
796
global values that will affect connections (such as bf(motd file)), or globals
797
that will affect other include files.
799
For example, this is a useful /etc/rsyncd.conf file:
802
log file = /var/log/rsync.log
803
pid file = /var/lock/rsync.lock
806
&include /etc/rsyncd.d )
808
This would merge any /etc/rsyncd.d/*.inc files (for global values that should
809
stay in effect), and then include any /etc/rsyncd.d/*.conf files (defining
810
modules without any global-value cross-talk).
624
812
manpagesection(AUTHENTICATION STRENGTH)
626
814
The authentication protocol used in rsync is a 128 bit MD4 based