Basic rsyncd.conf

[^rooker]

Since Debian/Ubuntu don't come with a default one, here's a basic rsyncd.conf file:

Code: Select all

log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock

[documents]
   path = /home/user/work
   comment = User's Documents folder
   uid = user
   gid = user
   read only = no
   auth users = user
   secrets file = /etc/rsyncd.secrets

Copy/paste from user telebog on superuser.com. Thanks telebog!

[gilthanaz]

* If you use rsync to sync dirs like /etc you must specify uid/gid = root. Else you get silent ignores of everything the default rsync user has no access rights to You should know about security issues when doing that. It's hard to find out your /etc backup never really worked when you want to restore a system (that was in the pre-snapshot-everything-era, but still).

* Authentication and the rat's tail it causes can be avoided by using an IP filter in the rsync configuration (only hosts from x.x.x.x may connnect). This makes things very easy, given you're on static IPs. For this, simply add the line:

Code: Select all

hosts allow = 192.168.x.x

or wildcard:

Code: Select all

hosts allow = 192.168.0.0/24

within your [share] block (in the above example, [documents]). In case you have multiple shares that you want to use the same IP restriction(s), move the 'hosts allow' line to the global config section of rsyncd.conf (in the above example, the line would be after the 'lock file' entry, before the [documents] block).

The following would then be obsolete:

Code: Select all

  auth users = user
  secrets file = /etc/rsyncd.secrets

Reasons? I prefer filtering by IP if possible and meaningful, because you can't exploit where you can't connect At least mostly... Also I strongly dislike fidling around with secret files.