Basic rsyncd.conf

Linux howto's, compile information, information on whatever we learned on working with linux, MACOs and - of course - Products of the big evil....
Post Reply
User avatar
^rooker
Site Admin
Posts: 1482
Joined: Fri Aug 29, 2003 8:39 pm

Basic rsyncd.conf

Post by ^rooker »

Since Debian/Ubuntu don't come with a default one, here's a basic rsyncd.conf file:

Code: Select all

log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock

[documents]
   path = /home/user/work
   comment = User's Documents folder
   uid = user
   gid = user
   read only = no
   auth users = user
   secrets file = /etc/rsyncd.secrets
Copy/paste from user telebog on superuser.com. Thanks telebog! :D
Jumping out of an airplane is not a basic instinct. Neither is breathing underwater. But put the two together and you're traveling through space!
gilthanaz
Site Admin
Posts: 444
Joined: Fri Aug 29, 2003 9:29 pm
Contact:

Re: Basic rsyncd.conf

Post by gilthanaz »

* If you use rsync to sync dirs like /etc you must specify uid/gid = root. Else you get silent ignores of everything the default rsync user has no access rights to :) You should know about security issues when doing that. It's hard to find out your /etc backup never really worked when you want to restore a system (that was in the pre-snapshot-everything-era, but still).

* Authentication and the rat's tail it causes can be avoided by using an IP filter in the rsync configuration (only hosts from x.x.x.x may connnect). This makes things very easy, given you're on static IPs. For this, simply add the line:

Code: Select all

hosts allow = 192.168.x.x
or wildcard:

Code: Select all

hosts allow = 192.168.0.0/24
within your [share] block (in the above example, [documents]). In case you have multiple shares that you want to use the same IP restriction(s), move the 'hosts allow' line to the global config section of rsyncd.conf (in the above example, the line would be after the 'lock file' entry, before the [documents] block).

The following would then be obsolete:

Code: Select all

  auth users = user
  secrets file = /etc/rsyncd.secrets
Reasons? I prefer filtering by IP if possible and meaningful, because you can't exploit where you can't connect ;) At least mostly... Also I strongly dislike fidling around with secret files.
Post Reply