~ubuntu-branches/ubuntu/trusty/rsync/trusty

Committer: Package Import Robot
Author(s): Paul Slootman
Date: 2013-10-27 12:01:10 UTC
mfrom: (1.1.13) (2.1.11 sid)
Revision ID: package-import@ubuntu.com-20131027120110-mpr03n5scqmf40mi

Tags: 3.1.0-2

http://bugs.debian.org/32379

fix build failure if zlib1g-dev package is not installed;
solved by building without the included zlib source and adding a
build-depends on zlib1g-dev >= 1:1.2.8
closes:32379

files added:
delete.c

inums.h

itypes.h

lib/getpass.c

packaging/branch-from-patch

rsync-ssl.in

stunnel-rsync.in

stunnel-rsyncd.conf.in

support/instant-rsyncd

support/lsh.sh

support/mapfrom

support/mapto

support/rsync-slash-strip

testrun.c

util2.c

zlib/gzguts.h

files removed:
debian/patches/cast--1-size_t.diff

debian/patches/delete-delay.diff

debian/patches/manpage.diff.nomore

debian/patches/manpages.GPL.diff

debian/patches/partial-timestamp.diff

debian/patches/progress-cursor-pos.diff

debian/patches/rsyncd.conf.5.comment.diff

files modified:
.gitignore

Makefile.in

NEWS

OLDNEWS

access.c

acls.c

authenticate.c

backup.c

batch.c

byteorder.h

case_N.h

checksum.c

chmod.c

cleanup.c

clientname.c

clientserver.c

compat.c

config.guess *

config.h.in

config.sub *

configure

configure.ac

configure.sh

debian/changelog

debian/control

debian/copyright

debian/patches/README

debian/postinst

debian/rules

errcode.h

exclude.c

fileio.c

flist.c

generator.c

getgroups.c

hashtable.c

hlink.c

ifuncs.h

io.c

io.h

lib/compat.c

lib/pool_alloc.3

lib/pool_alloc.c

lib/pool_alloc.h

lib/snprintf.c

lib/sysxattrs.c

loadparm.c

log.c

main.c

match.c

options.c

packaging/git-status.pl

packaging/lsb/rsync.spec

packaging/patch-update

packaging/release-rsync

params.c

pipe.c

progress.c

proto.h

receiver.c

rounding.c

rsync.1

rsync.c

rsync.h

rsync.yo

rsyncd.conf.5

rsyncd.conf.yo

runtests.sh

sender.c

shconfig.in

socket.c

support/git-set-file-times

support/lsh

support/rrsync

syscall.c

t_stub.c

t_unsafe.c

testsuite/00-hello.test

testsuite/acls.test

testsuite/backup.test

testsuite/chmod-option.test

testsuite/chown.test

testsuite/daemon.test

testsuite/default-acls.test

testsuite/devices.test

testsuite/dir-sgid.test

testsuite/executability.test

testsuite/files-from.test

testsuite/hands.test

testsuite/hardlinks.test

testsuite/itemize.test

testsuite/missing.test

testsuite/rsync.fns

testsuite/ssh-basic.test

testsuite/xattrs.test

tls.c

token.c

trimslash.c

uidlist.c

util.c

wildtest.c

xattrs.c

zlib/ChangeLog

zlib/README

zlib/adler32.c

zlib/compress.c

zlib/crc32.c

zlib/crc32.h

zlib/deflate.c

zlib/deflate.h

zlib/inffast.c

zlib/inffast.h

zlib/inffixed.h

zlib/inflate.c

zlib/inflate.h

zlib/inftrees.c

zlib/inftrees.h

zlib/trees.c

zlib/trees.h

zlib/zconf.h

zlib/zlib.h

zlib/zutil.c

zlib/zutil.h

Show diffs side-by-side

added added

removed removed

rsyncd.conf.yo

mailto(rsync-bugs@samba.org)

manpage(rsyncd.conf)(5)(23 Sep 2011)()()

manpage(rsyncd.conf)(5)(28 Sep 2013)()()

manpagename(rsyncd.conf)(configuration file for rsync in daemon mode)

manpagesynopsis()

trailing whitespace in a parameter value is discarded. Internal whitespace

within a parameter value is retained verbatim.

Any line beginning with a hash (#) is ignored, as are lines containing

only whitespace.

Any line bf(beginning) with a hash (#) is ignored, as are lines containing

only whitespace. (If a hash occurs after anything other than leading

whitespace, it is considered a part of the line's content.)

Any line ending in a \ is "continued" on the next line in the

customary UNIX fashion.

config file in which case the supplied value will override the

default for that parameter.

You may use references to environment variables in the values of parameters.

String parameters will have %VAR% references expanded as late as possible (when

the string is used in the program), allowing for the use of variables that

rsync sets at connection time, such as RSYNC_USER_NAME. Non-string parameters

(such as true/false settings) are expanded when read from the config file. If

a variable does not exist in the environment, or if a sequence of characters is

not a valid reference (such as an un-paired percent sign), the raw characters

are passed through unchanged. This helps with backward compatibility and

safety (e.g. expanding a non-existent %VAR% to an empty string in a path could

result in a very unsafe path). The safest way to insert a literal % into a

value is to use %%.

startdit()

dit(bf(motd file)) This parameter allows you to specify a

"message of the day" to display to clients on each connect. This

usually contains site information and any legal notices. The default

is no motd file.

This can be overridden by the bf(--dparam=motdfile=FILE)

100

command-line option when starting the daemon.

101

102

dit(bf(pid file)) This parameter tells the rsync daemon to write

103

its process ID to that file. If the file already exists, the rsync

104

daemon will abort rather than overwrite the file.

105

This can be overridden by the bf(--dparam=pidfile=FILE)

106

command-line option when starting the daemon.

107

108

dit(bf(port)) You can override the default port the daemon will listen on

109

by specifying this value (defaults to 873). This is ignored if the daemon

104

121

special socket options are set. These settings can also be specified

105

122

via the bf(--sockopts) command-line option.

106

123

124

dit(bf(listen backlog)) You can override the default backlog value when the

125

daemon listens for connections. It defaults to 5.

126

107

127

enddit()

108

128

109

129

manpagesection(MODULE PARAMETERS)

117

137

changed into a single space, while leading or trailing whitespace will be

118

138

discarded.

119

139

140

As with GLOBAL PARAMETERS, you may use references to environment variables in

141

the values of parameters. See the GLOBAL PARAMETERS section for more details.

142

120

143

startdit()

121

144

122

145

dit(bf(comment)) This parameter specifies a description string

127

150

filesystem to make available in this module. You must specify this parameter

128

151

for each module in tt(rsyncd.conf).

129

152

153

You may base the path's value off of an environment variable by surrounding

154

the variable name with percent signs. You can even reference a variable

155

that is set by rsync when the user connects.

156

For example, this would use the authorizing user's name in the path:

157

158

verb( path = /home/%RSYNC_USER_NAME% )

159

130

160

It is fine if the path includes internal spaces -- they will be retained

131

161

verbatim (which means that you shouldn't try to escape them). If your final

132

162

directory has a trailing space (and this is somehow not something you wish to

197

227

resources.

198

228

199

229

dit(bf(munge symlinks)) This parameter tells rsync to modify

200

all incoming symlinks in a way that makes them unusable but recoverable

201

(see below). This should help protect your files from user trickery when

230

all symlinks in the same way as the (non-daemon-affecting)

231

bf(--munge-links) command-line option (using a method described below).

232

This should help protect your files from user trickery when

202

233

your daemon module is writable. The default is disabled when "use chroot"

203

234

is on and the inside-chroot path is "/", otherwise it is enabled.

204

235

266

297

using syslog and output an error about the failure. (Note that the

267

298

failure to open the specified log file used to be a fatal error.)

268

299

300

This setting can be overridden by using the bf(--log-file=FILE) or

301

bf(--dparam=logfile=FILE) command-line options. The former overrides

302

all the log-file parameters of the daemon and all module settings.

303

The latter sets the daemon's log file and the default for all the

304

modules, which still allows modules to override the default setting.

305

269

306

dit(bf(syslog facility)) This parameter allows you to

270

307

specify the syslog facility name to use when logging messages from the

271

308

rsync daemon. You may use any standard syslog facility name which is

293

330

be possible if file permissions on the daemon side allow them. The default

294

331

is for all modules to be read only.

295

332

333

Note that "auth users" can override this setting on a per-user basis.

334

296

335

dit(bf(write only)) This parameter determines whether clients

297

336

will be able to download files or not. If "write only" is true then any

298

337

attempted downloads will fail. If "write only" is false then downloads

299

338

will be possible if file permissions on the daemon side allow them. The

300

339

default is for this parameter to be disabled.

301

340

302

dit(bf(list)) This parameter determines if this module should be

303

listed when the client asks for a listing of available modules. By

304

setting this to false you can create hidden modules. The default is

305

for modules to be listable.

341

dit(bf(list)) This parameter determines whether this module is

342

listed when the client asks for a listing of available modules. In addition,

343

if this is false, the daemon will pretend the module does not exist

344

when a client denied by "hosts allow" or "hosts deny" attempts to access it.

345

Realize that if "reverse lookup" is disabled globally but enabled for the

346

module, the resulting reverse lookup to a potentially client-controlled DNS

347

server may still reveal to the client that it hit an existing module.

348

The default is for modules to be listable.

306

349

307

350

dit(bf(uid)) This parameter specifies the user name or user ID that

308

351

file transfers to and from that module should take place as when the daemon

309

352

was run as root. In combination with the "gid" parameter this determines what

310

file permissions are available. The default is uid -2, which is normally

311

the user "nobody".

312

313

dit(bf(gid)) This parameter specifies the group name or group ID that

314

file transfers to and from that module should take place as when the daemon

315

was run as root. This complements the "uid" parameter. The default is gid -2,

316

which is normally the group "nobody".

353

file permissions are available. The default when run by a super-user is to

354

switch to the system's "nobody" user. The default for a non-super-user is to

355

not try to change the user. See also the "gid" parameter.

356

357

The RSYNC_USER_NAME environment variable may be used to request that rsync run

358

as the authorizing user. For example, if you want a rsync to run as the same

359

user that was received for the rsync authentication, this setup is useful:

360

361

verb( uid = %RSYNC_USER_NAME%

362

gid = * )

363

364

dit(bf(gid)) This parameter specifies one or more group names/IDs that will be

365

used when accessing the module. The first one will be the default group, and

366

any extra ones be set as supplemental groups. You may also specify a "*" as

367

the first gid in the list, which will be replaced by all the normal groups for

368

the transfer's user (see "uid"). The default when run by a super-user is to

369

switch to your OS's "nobody" (or perhaps "nogroup") group with no other

370

supplementary groups. The default for a non-super-user is to not change any

371

group attributes (and indeed, your OS may not allow a non-super-user to try to

372

change their group settings).

317

373

318

374

dit(bf(fake super)) Setting "fake super = yes" for a module causes the

319

375

daemon side to behave as if the bf(--fake-super) command-line option had

388

444

See the description of the bf(--chmod) rsync option and the bf(chmod)(1)

389

445

manpage for information on the format of this string.

390

446

391

dit(bf(auth users)) This parameter specifies a comma and

392

space-separated list of usernames that will be allowed to connect to

447

dit(bf(auth users)) This parameter specifies a comma and/or space-separated

448

list of authorization rules. In its simplest form, you list the usernames

449

that will be allowed to connect to

393

450

this module. The usernames do not need to exist on the local

394

system. The usernames may also contain shell wildcard characters. If

451

system. The rules may contain shell wildcard characters that will be matched

452

against the username provided by the client for authentication. If

395

453

"auth users" is set then the client will be challenged to supply a

396

454

username and password to connect to the module. A challenge response

397

455

authentication protocol is used for this exchange. The plain text

399

457

"secrets file" parameter. The default is for all users to be able to

400

458

connect without a password (this is called "anonymous rsync").

401

459

460

In addition to username matching, you can specify groupname matching via a '@'

461

prefix. When using groupname matching, the authenticating username must be a

462

real user on the system, or it will be assumed to be a member of no groups.

463

For example, specifying "@rsync" will match the authenticating user if the

464

named user is a member of the rsync group.

465

466

Finally, options may be specified after a colon (:). The options allow you to

467

"deny" a user or a group, set the access to "ro" (read-only), or set the access

468

to "rw" (read/write). Setting an auth-rule-specific ro/rw setting overrides

469

the module's "read only" setting.

470

471

Be sure to put the rules in the order you want them to be matched, because the

472

checking stops at the first matching user or group, and that is the only auth

473

that is checked. For example:

474

475

verb( auth users = joe:deny @guest:deny admin:rw @rsync:ro susan joe sam )

476

477

In the above rule, user joe will be denied access no matter what. Any user

478

that is in the group "guest" is also denied access. The user "admin" gets

479

access in read/write mode, but only if the admin user is not in group "guest"

480

(because the admin user-matching rule would never be reached if the user is in

481

group "guest"). Any other user who is in group "rsync" will get read-only

482

access. Finally, users susan, joe, and sam get the ro/rw setting of the

483

module, but only if the user didn't match an earlier group-matching rule.

484

485

See the description of the secrets file for how you can have per-user passwords

486

as well as per-group passwords. It also explains how a user can authenticate

487

using their user password or (when applicable) a group password, depending on

488

what rule is being authenticated.

489

402

490

See also the section entitled "USING RSYNC-DAEMON FEATURES VIA A REMOTE

403

491

SHELL CONNECTION" in bf(rsync)(1) for information on how handle an

404

492

rsyncd.conf-level username that differs from the remote-shell-level

405

493

username when using a remote shell to connect to an rsync daemon.

406

494

407

dit(bf(secrets file)) This parameter specifies the name of

408

a file that contains the username:password pairs used for

409

authenticating this module. This file is only consulted if the "auth

410

users" parameter is specified. The file is line based and contains

411

username:password pairs separated by a single colon. Any line starting

412

with a hash (#) is considered a comment and is skipped. The passwords

413

can contain any characters but be warned that many operating systems

414

limit the length of passwords that can be typed at the client end, so

415

you may find that passwords longer than 8 characters don't work.

495

dit(bf(secrets file)) This parameter specifies the name of a file that contains

496

the username:password and/or @groupname:password pairs used for authenticating

497

this module. This file is only consulted if the "auth users" parameter is

498

specified. The file is line-based and contains one name:password pair per

499

line. Any line has a hash (#) as the very first character on the line is

500

considered a comment and is skipped. The passwords can contain any characters

501

but be warned that many operating systems limit the length of passwords that

502

can be typed at the client end, so you may find that passwords longer than 8

503

characters don't work.

504

505

The use of group-specific lines are only relevant when the module is being

506

authorized using a matching "@groupname" rule. When that happens, the user

507

can be authorized via either their "username:password" line or the

508

"@groupname:password" line for the group that triggered the authentication.

509

510

It is up to you what kind of password entries you want to include, either

511

users, groups, or both. The use of group rules in "auth users" does not

512

require that you specify a group password if you do not want to use shared

513

passwords.

416

514

417

515

There is no default for the "secrets file" parameter, you must choose a name

418

516

(such as tt(/etc/rsyncd.secrets)). The file must normally not be readable

419

by "other"; see "strict modes".

517

by "other"; see "strict modes". If the file is not found or is rejected, no

518

logins for a "user auth" module will be possible.

420

519

421

520

dit(bf(strict modes)) This parameter determines whether or not

422

521

the permissions on the secrets file will be checked. If "strict modes" is

443

542

IP address and maskaddr is the netmask in dotted decimal notation for IPv4,

444

543

or similar for IPv6, e.g. ffff:ffff:ffff:ffff:: instead of /64. All IP

445

544

addresses which match the masked IP address will be allowed in.

446

it() a hostname. The hostname as determined by a reverse lookup will

447

be matched (case insensitive) against the pattern. Only an exact

448

match is allowed in.

449

it() a hostname pattern using wildcards. These are matched using the

450

same rules as normal unix filename matching. If the pattern matches

451

then the client is allowed in.

545

it() a hostname pattern using wildcards. If the hostname of the connecting IP

546

(as determined by a reverse lookup) matches the wildcarded name (using the

547

same rules as normal unix filename matching), the client is allowed in. This

548

only works if "reverse lookup" is enabled (the default).

549

it() a hostname. A plain hostname is matched against the reverse DNS of the

550

connecting IP (if "reverse lookup" is enabled), and/or the IP of the given

551

hostname is matched against the connecting IP (if "forward lookup" is

552

enabled, as it is by default). Any match will be allowed in.

452

553

))

453

554

454

555

Note IPv6 link-local addresses can have a scope in the address specification:

476

577

477

578

The default is no "hosts deny" parameter, which means all hosts can connect.

478

579

580

dit(bf(reverse lookup)) Controls whether the daemon performs a reverse lookup

581

on the client's IP address to determine its hostname, which is used for

582

"hosts allow"/"hosts deny" checks and the "%h" log escape. This is enabled by

583

default, but you may wish to disable it to save time if you know the lookup will

584

not return a useful result, in which case the daemon will use the name

585

"UNDETERMINED" instead.

586

587

If this parameter is enabled globally (even by default), rsync performs the

588

lookup as soon as a client connects, so disabling it for a module will not

589

avoid the lookup. Thus, you probably want to disable it globally and then

590

enable it for modules that need the information.

591

592

dit(bf(forward lookup)) Controls whether the daemon performs a forward lookup

593

on any hostname specified in an hosts allow/deny setting. By default this is

594

enabled, allowing the use of an explicit hostname that would not be returned

595

by reverse DNS of the connecting IP.

596

479

597

dit(bf(ignore errors)) This parameter tells rsyncd to

480

598

ignore I/O errors on the daemon when deciding whether to run the delete

481

599

phase of the transfer. Normally rsync skips the bf(--delete) step if any

502

620

sequences prefixed with a percent (%) character. An optional numeric

503

621

field width may also be specified between the percent and the escape

504

622

letter (e.g. "bf(%-50n %8l %07p)").

623

In addition, one or more apostrophes may be specified prior to a numerical

624

escape to indicate that the numerical value should be made more human-readable.

625

The 3 supported levels are the same as for the bf(--human-readable)

626

command-line option, though the default is for human-readability to be off.

627

Each added apostrophe increases the level (e.g. "bf(%''l %'b %f)").

505

628

506

629

The default log format is "%o %h [%a] %m (%u) %f %l", and a "%t [%p] "

507

630

is always prefixed when using the "log file" parameter.

512

635

The single-character escapes that are understood are as follows:

513

636

514

637

quote(itemization(

515

it() %a the remote IP address

638

it() %a the remote IP address (only available for a daemon)

516

639

it() %b the number of bytes actually transferred

517

640

it() %B the permission bits of the file (e.g. rwxrwxrwt)

518

641

it() %c the total size of the block checksums received for the basis file (only when sending)

642

it() %C the full-file MD5 checksum if bf(--checksum) is enabled or a file was transferred (only for protocol 30 or above).

519

643

it() %f the filename (long form on sender; no trailing "/")

520

644

it() %G the gid of the file (decimal) or "DEFAULT"

521

it() %h the remote host name

645

it() %h the remote host name (only available for a daemon)

522

646

it() %i an itemized list of what is being updated

523

647

it() %l the length of the file in bytes

524

648

it() %L the string " -> SYMLINK", " => HARDLINK", or "" (where bf(SYMLINK) or bf(HARDLINK) is a filename)

589

713

590

714

dit(bf(pre-xfer exec), bf(post-xfer exec)) You may specify a command to be run

591

715

before and/or after the transfer. If the bf(pre-xfer exec) command fails, the

592

transfer is aborted before it begins.

716

transfer is aborted before it begins. Any output from the script on stdout (up

717

to several KB) will be displayed to the user when aborting, but is NOT

718

displayed if the script returns success. Any output from the script on stderr

719

goes to the daemon's stderr, which is typically discarded (though see

720

--no-detatch option for a way to see the stderr output, which can assist with

721

debugging).

593

722

594

723

The following environment variables will be set, though some are

595

724

specific to the pre-xfer or the post-xfer environment:

602

731

it() bf(RSYNC_USER_NAME): The accessing user's name (empty if no user).

603

732

it() bf(RSYNC_PID): A unique number for this transfer.

604

733

it() bf(RSYNC_REQUEST): (pre-xfer only) The module/path info specified

605

by the user (note that the user can specify multiple source files,

606

so the request can be something like "mod/path1 mod/path2", etc.).

734

by the user. Note that the user can specify multiple source files,

735

so the request can be something like "mod/path1 mod/path2", etc.

607

736

it() bf(RSYNC_ARG#): (pre-xfer only) The pre-request arguments are set

608

in these numbered values. RSYNC_ARG0 is always "rsyncd", and the last

609

value contains a single period.

737

in these numbered values. RSYNC_ARG0 is always "rsyncd", followed by

738

the options that were used in RSYNC_ARG1, and so on. There will be a

739

value of "." indicating that the options are done and the path args

740

are beginning -- these contain similar information to RSYNC_REQUEST,

741

but with values separated and the module name stripped off.

610

742

it() bf(RSYNC_EXIT_STATUS): (post-xfer only) the server side's exit value.

611

743

This will be 0 for a successful run, a positive value for an error that the

612

744

server generated, or a -1 if rsync failed to exit properly. Note that an

621

753

622

754

enddit()

623

755

756

manpagesection(CONFIG DIRECTIVES)

757

758

There are currently two config directives available that allow a config file to

759

incorporate the contents of other files: bf(&include) and bf(&merge). Both

760

allow a reference to either a file or a directory. They differ in how

761

segregated the file's contents are considered to be.

762

763

The bf(&include) directive treats each file as more distinct, with each one

764

inheriting the defaults of the parent file, starting the parameter parsing

765

as globals/defaults, and leaving the defaults unchanged for the parsing of

766

the rest of the parent file.

767

768

The bf(&merge) directive, on the other hand, treats the file's contents as

769

if it were simply inserted in place of the directive, and thus it can set

770

parameters in a module started in another file, can affect the defaults for

771

other files, etc.

772

773

When an bf(&include) or bf(&merge) directive refers to a directory, it will read

774

in all the bf(*.conf) or bf(*.inc) files (respectively) that are contained inside

775

that directory (without any

776

recursive scanning), with the files sorted into alpha order. So, if you have a

777

directory named "rsyncd.d" with the files "foo.conf", "bar.conf", and

778

"baz.conf" inside it, this directive:

779

780

verb( &include /path/rsyncd.d )

781

782

would be the same as this set of directives:

783

784

verb( &include /path/rsyncd.d/bar.conf

785

&include /path/rsyncd.d/baz.conf

786

&include /path/rsyncd.d/foo.conf )

787

788

except that it adjusts as files are added and removed from the directory.

789

790

The advantage of the bf(&include) directive is that you can define one or more

791

modules in a separate file without worrying about unintended side-effects

792

between the self-contained module files.

793

794

The advantage of the bf(&merge) directive is that you can load config snippets

795

that can be included into multiple module definitions, and you can also set

796

global values that will affect connections (such as bf(motd file)), or globals

797

that will affect other include files.

798

799

For example, this is a useful /etc/rsyncd.conf file:

800

801

verb( port = 873

802

log file = /var/log/rsync.log

803

pid file = /var/lock/rsync.lock

804

805

&merge /etc/rsyncd.d

806

&include /etc/rsyncd.d )

807

808

This would merge any /etc/rsyncd.d/*.inc files (for global values that should

809

stay in effect), and then include any /etc/rsyncd.d/*.conf files (defining

810

modules without any global-value cross-talk).

811

624

812

manpagesection(AUTHENTICATION STRENGTH)

625

813

626

814

The authentication protocol used in rsync is a 128 bit MD4 based

706

894

707

895

manpagesection(VERSION)

708

896

709

This man page is current for version 3.0.9 of rsync.

897

This man page is current for version 3.1.0 of rsync.

710

898

711

899

manpagesection(CREDITS)

712

900

713

rsync is distributed under the GNU public license. See the file

901

rsync is distributed under the GNU General Public License. See the file

714

902

COPYING for details.

715

903

716

904

The primary ftp site for rsync is

Older »