
rsyncd.conf



SYNOPSIS

       rsyncd.conf


DESCRIPTION

       The rsyncd.conf file is the runtime configuration file for
       rsync when run as an rsync server.

       The rsyncd.conf file controls authentication, access, log­
       ging and available modules.


FILE FORMAT

       The file consists of modules and parameters. A module
       begins with the name of the module in square brackets and
       continues until the next module begins. Modules contain
       parameters of the form 'name = value'.

       The file is line-based - that is, each  newline-terminated
       line  represents  either  a  comment,  a  module name or a
       parameter.

       Only the first equals sign in a parameter is  significant.
       Whitespace  before  or after the first equals sign is dis­
       carded. Leading, trailing and internal whitespace in  mod­
       ule  and parameter names is irrelevant. Leading and trail­
       ing whitespace in a parameter value is discarded. Internal
       whitespace  within a parameter value is retained verbatim.

       Any line beginning with a hash  (#)  is  ignored,  as  are
       lines containing only whitespace.

       Any  line ending in a \ is "continued" on the next line in
       the customary UNIX fashion.

       The values following the equals sign in parameters are all
       either a string (no quotes needed) or a boolean, which may
       be given as yes/no, 0/1 or true/false. Case is not signif­
       icant  in  boolean values, but is preserved in string val­
       ues.


LAUNCHING THE RSYNC DAEMON

       The rsync daemon is launched by  specifying  the  --daemon
       option to rsync.

       The  daemon  must  run with root privileges if you wish to
       use chroot, to bind to a port numbered under 1024  (as  is
       the default 873), or to set file ownership.  Otherwise, it
       must just have permission to read and write the  appropri­
       ate data, log, and lock files.

       and a single line something like this to /etc/inetd.conf:

              rsync   stream  tcp     nowait  root   /usr/bin/rsync rsyncd --daemon

       Replace "/usr/bin/rsync" with the path to where  you  have
       rsync  installed  on  your  system.  You will then need to
       send inetd a HUP signal to tell it to  reread  its  config
       file.

       Note  that you should not send the rsync server a HUP sig­
       nal to force it to reread the rsyncd.conf file.  The  file
       is re-read on each client connection.


GLOBAL OPTIONS

       The  first  parameters  in  the  file  (before  a [module]
       header) are the global parameters.

       You may also include any module parameters in  the  global
       part  of  the config file in which case the supplied value
       will override the default for that parameter.

       motd file
              The "motd file" option  allows  you  to  specify  a
              "message  of the day" to display to clients on each
              connect. This usually contains site information and
              any legal notices. The default is no motd file.

       log file
              The "log file" option tells the rsync daemon to log
              messages to that file rather than using syslog.
              This is particularly useful on systems (such as
              AIX) where syslog() doesn't work for chrooted
              programs.

       pid file
              The  "pid  file"  option  tells the rsync daemon to
              write its process id to that file.

       syslog facility
              The "syslog facility" option allows you to  specify
              the  syslog  facility name to use when logging mes­
              sages from the rsync server. You may use any  stan­
              dard  syslog facility name which is defined on your
              system. Common names are auth, authpriv, cron, dae­
              mon,  ftp, kern, lpr, mail, news, security, syslog,
              user, uucp, local0, local1, local2, local3, local4,


MODULE OPTIONS

       After the global options you should define a number of
       modules. Each module exports a directory tree as a
       symbolic name. Modules are exported by specifying a module
       name in square brackets [module] followed by the options
       for that module.

       comment
              The "comment" option specifies a description string
              that is displayed next  to  the  module  name  when
              clients  obtain  a  list  of available modules. The
              default is no comment.

       path   The "path" option specifies the directory in the
              server's filesystem to make available in this
              module. You must specify this option for each module
              in rsyncd.conf.

       use chroot
              If  "use  chroot"  is  true,  the rsync server will
              chroot to  the  "path"  before  starting  the  file
              transfer  with  the client.  This has the advantage
              of extra protection against possible implementation
              security  holes,  but  it  has the disadvantages of
              requiring super-user privileges, of not being  able
              to  follow  symbolic  links outside of the new root
              path when reading, and of implying  the  --numeric-
              ids  option  because /etc/passwd becomes inaccessi­
              ble.  When "use chroot" is false, for security rea­
              sons  symlinks  may only be relative paths pointing
              to other files within the root  path,  and  leading
              slashes  are  removed  from  absolute  paths.   The
              default for "use chroot" is true.

       max connections
              The "max connections" option allows you to  specify
              the  maximum number of simultaneous connections you
              will allow.  Any clients connecting when the  maxi­
              mum has been reached will receive a message telling
              them to try later.  The default is 0 which means no
              limit.  See also the "lock file" option.

       lock file
              The "lock file" option specifies the file to use to
              support the "max  connections"  option.  The  rsync
              server  uses  record locking on this file to ensure

       list   The  "list" option determines if this module should
              be listed when the client asks  for  a  listing  of
              available modules. By setting this to false you can
              create hidden modules. The default is  for  modules
              to be listable.

       uid    The "uid" option specifies the user name or user id
              that file transfers to and from that module  should
              take  place  as when the daemon was run as root. In
              combination with the "gid" option  this  determines
              what file permissions are available. The default is
              uid -2, which is normally the user "nobody".

       gid    The "gid" option specifies the group name or  group
              id  that  file  transfers  to  and from that module
              should take place as when the  daemon  was  run  as
              root.   This  complements  the  "uid"  option.  The
              default is gid -2,  which  is  normally  the  group
              "nobody".

       exclude
              The  "exclude" option allows you to specify a space
              separated list of patterns to add  to  the  exclude
              list.  This  is equivalent to the client specifying
              these patterns with the  --exclude  option,  except
              that  the  exclude list is not passed to the client
              and thus only applies on the server:  that  is,  it
              excludes  files received by a client when receiving
              from a server and files deleted on  a  server  when
              sending to a server, but it doesn't exclude files
              sent from a client when  sending  to  a  server  or
              files  deleted  on  a  client when receiving from a
              server.  Only one "exclude" option  may  be  speci­
              fied,  but  you can use "-" and "+" before patterns
              to specify exclude/include.

              Note that this option is not designed  with  strong
              security  in  mind,  it  is  quite  possible that a
              client may find a way to bypass this exclude  list.
              If you want to absolutely ensure that certain files
              cannot be accessed then use the uid/gid options  in
              combination with file permissions.

       exclude from
              The "exclude from" option specifies a filename on
              the server that contains exclude patterns, one per
              line. This is equivalent to the client specifying
              the --exclude-from option with an equivalent file
              except that it applies only on the server. See
              also the "exclude" option above.

       include from
              The  "include  from" option specifies a filename on
              the server that contains include patterns, one  per
              line.  This  is equivalent to the client specifying
              the --include-from option with an equivalent file
              except  that  it  applies  only on the server.  See
              also the "exclude" option above.

       auth users
              The "auth users" option specifies a comma and space
              separated list of usernames that will be allowed to
              connect to this module. The usernames do not need
              to exist on the local system. The usernames may
              also contain shell wildcard characters. If "auth
              users" is set then the client will be challenged to
              supply a username and password to connect to the
              module. A challenge response authentication
              protocol is used for this exchange. The plain text
              usernames and passwords are stored in the file
              specified by the "secrets file" option. The default
              is for all users to be able to connect without a
              password (this is called "anonymous rsync").

              See also the CONNECTING TO AN RSYNC SERVER OVER A
              REMOTE SHELL PROGRAM section in rsync(1) for
              information on how to handle an rsyncd.conf-level
              username that differs from the remote-shell-level
              username when using a remote shell to connect to an
              rsync server.

       secrets file
              The  "secrets  file" option specifies the name of a
              file that contains the username:password pairs used
              for  authenticating  this module. This file is only
              consulted if the "auth users" option is  specified.
              The  file is line based and contains username:pass­
              word pairs separated by a single  colon.  Any  line
              starting  with  a  hash (#) is considered a comment
              and is skipped. The passwords can contain any char­
              acters  but  be  warned that many operating systems
              limit the length of passwords that can be typed  at
              the  client  end,  so  you  may find that passwords
              longer than 8 characters don't work.

              There is no default for the "secrets file"  option,
              you     must     choose    a    name    (such    as
              /etc/rsyncd.secrets).  The file must  normally  not

       hosts allow
              The "hosts allow" option allows you to specify a
              list of patterns that are matched against a
              connecting client's hostname and IP address. If none
              of the patterns match then the connection is
              rejected.

              Each pattern can be in one of five forms:

       o      a  dotted decimal IPv4 address of the form a.b.c.d,
              or an IPv6 address of  the  form  a:b:c::d:e:f.  In
              this case the incoming machine's IP address must
              match exactly.

       o      an address/mask in the form ipaddr/n  where  ipaddr
              is  the  IP address and n is the number of one bits
              in the netmask.  All IP addresses which  match  the
              masked IP address will be allowed in.

       o      an  address/mask  in the form ipaddr/maskaddr where
              ipaddr is the IP address and maskaddr is  the  net­
              mask  in dotted decimal notation for IPv4, or simi­
              lar for IPv6, e.g. ffff:ffff:ffff:ffff:: instead of
              /64.  All  IP  addresses  which match the masked IP
              address will be allowed in.

       o      a hostname. The hostname as determined by a reverse
              lookup  will  be matched (case insensitive) against
              the pattern. Only an exact match is allowed in.

       o      a  hostname  pattern  using  wildcards.  These  are
              matched  using  the same rules as normal unix file­
              name matching. If  the  pattern  matches  then  the
              client is allowed in.

              Note  IPv6 link-local addresses can have a scope in
              the address specification:

              fe80::1%link1
              fe80::%link1/64
              fe80::%link1/ffff:ffff:ffff:ffff::

              You can also combine "hosts allow" with a separate
              "hosts deny" option. If both options are specified
              then the "hosts allow" option is checked first and a
              match results in the client being able to connect.
              The "hosts deny" option is then checked and a match

              The  default is no "hosts deny" option, which means
              all hosts can connect.
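
The five pattern forms and the allow-then-deny order, as an added Python example (not rsync's own code). The page's description of the deny step is cut off; the example rejects on a "hosts deny" match and otherwise allows, which is how the rsync daemon behaves. Function names are illustrative, and scoped link-local forms are not handled.

```python
import fnmatch
import ipaddress
import re

def to_network(pattern):
    """Return an ip_network for the three address forms, else None."""
    addr, _, mask = pattern.partition("/")
    try:
        ip = ipaddress.ip_address(addr)
        if not mask:
            prefix = ip.max_prefixlen             # a.b.c.d: exact match
        elif mask.isdigit():
            prefix = int(mask)                    # ipaddr/n
        else:                                     # ipaddr/maskaddr
            m = ipaddress.ip_address(mask)
            bits = format(int(m), f"0{m.max_prefixlen}b")
            if m.version != ip.version or "01" in bits:
                return None                       # wrong family or gappy mask
            prefix = bits.count("1")
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    except ValueError:
        return None                               # not an address: hostname form

def pattern_matches(pattern, client_ip, client_host):
    """Match one pattern against the client's address or reverse-lookup name."""
    net = to_network(pattern)
    if net is not None:
        ip = ipaddress.ip_address(client_ip)
        return ip.version == net.version and ip in net
    if any(c in pattern for c in "*?["):
        # Wildcards follow unix filename matching rules.
        return fnmatch.fnmatchcase(client_host, pattern)
    return client_host.lower() == pattern.lower() # exact, case insensitive

def list_matches(patterns, client_ip, client_host):
    # Splitting on whitespace and commas is an assumption of this example.
    return any(pattern_matches(p, client_ip, client_host)
               for p in re.split(r"[\s,]+", patterns.strip()) if p)

def allow_access(hosts_allow, hosts_deny, client_ip, client_host):
    """Apply "hosts allow" first, then "hosts deny"; empty string = unset."""
    if hosts_allow:
        if list_matches(hosts_allow, client_ip, client_host):
            return True
        if not hosts_deny:
            return False       # allow list alone: non-matching hosts rejected
    if hosts_deny and list_matches(hosts_deny, client_ip, client_host):
        return False
    return True                # matched neither list, or no lists at all

if __name__ == "__main__":
    # Constructed client addresses and names.
    print(allow_access("192.168.1.0/24", "", "192.168.1.77", "ws77.example.org"))
    print(allow_access("192.168.1.0/24", "", "10.9.9.9", "other.example.org"))
```

Hostname forms depend on the reverse lookup of the client address, so address and mask patterns are the stricter choice when the module must be limited to known networks.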

       ignore errors
              The "ignore errors" option tells rsyncd to ignore
              IO errors on the server when deciding whether to
              run the delete phase of the transfer. Normally
              rsync skips the --delete step if any IO errors have
              occurred in order to prevent disastrous deletion
              due to a temporary resource shortage or other IO
              error. In some cases this test is counterproductive
              so you can use this option to turn off this
              behaviour.

       ignore nonreadable
              This tells the rsync server  to  completely  ignore
              files  that  are  not readable by the user. This is
              useful for public archives that may have some  non-
              readable  files  among  the  directories,  and  the
              sysadmin doesn't want those files to be seen at
              all.

       transfer logging
              The "transfer logging" option enables per-file log­
              ging of downloads and uploads in a format  somewhat
              similar to that used by ftp daemons. If you want to
              customize the log formats look at  the  log  format
              option.

       log format
              The  "log  format" option allows you to specify the
              format used for logging file transfers when  trans­
              fer logging is enabled. The format is a text string
              containing   embedded   single   character   escape
              sequences prefixed with a percent (%) character.

              The prefixes that are understood are:

       o      %h for the remote host name

       o      %a for the remote IP address

       o      %l for the length of the file in bytes

       o      %p for the process id of this rsync session

       o      %b for the number of bytes actually transferred

       o      %c  when  sending  files  this  gives the number of
              checksum bytes received for this file

              The default log format is "%o %h [%a]  %m  (%u)  %f
              %l", and a "%t [%p] " is always added to the begin­
              ning when using the "log file" option.

              A perl script called rsyncstats to  summarize  this
              format is included in the rsync source code distri­
              bution.

       timeout
              The "timeout" option allows you to override the
              client's choice for IO timeout for this module.
              Using this option you can ensure that rsync won't
              wait on a dead client forever. The timeout is
              specified in seconds. A value of zero means no
              timeout and is the default. A good choice for
              anonymous rsync servers may be 600 (giving a 10
              minute timeout).

       refuse options
              The "refuse options" option allows you to specify a
              space separated list of rsync command line  options
              that  will  be  refused  by your rsync server.  The
              full names of the options must be used  (i.e.,  you
              must  use  "checksum"  not "c" to disable checksum­
              ming).  When  an  option  is  refused,  the  server
              prints  an error message and exits.  To prevent all
              compression, you can use "dont compress =  *"  (see
              below)  instead  of  "refuse options = compress" to
              avoid returning an error to a client that  requests
              compression.

       dont compress
              The  "dont  compress"  option  allows you to select
              filenames based on wildcard  patterns  that  should
              not  be  compressed during transfer. Compression is
              expensive in terms of CPU usage so  it  is  usually
              good to not try to compress files that won't
              compress well, such as already compressed files.

              The "dont compress" option takes a space  separated
              list  of  case-insensitive  wildcard  patterns. Any
              source filename matching one of the  patterns  will
              not be compressed during transfer.

       enough for most purposes but if you want really top  qual­
       ity security then I recommend that you run rsync over ssh.

       Also note that the rsync server  protocol  does  not  cur­
       rently  provide  any encryption of the data that is trans­
       ferred over the link. Only authentication is provided. Use
       ssh as the transport if you want encryption.

       Future  versions  of  rsync  may  support  SSL  for better
       authentication and encryption, but  that  is  still  being
       investigated.
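
The FILE FORMAT rules and the security-relevant module options above, combined in an added Python example (not part of the rsync distribution): it parses an rsyncd.conf and reports modules that are anonymous, run without chroot, accept any host, or rely on "exclude". The function names and the sample configuration are constructed for illustration, and folding parameter names to lower case is an assumption.

```python
# Added example: rsyncd.conf parser plus a per-module settings check.
BOOLEANS = {"yes": True, "true": True, "1": True,
            "no": False, "false": False, "0": False}

def param_key(name):
    # Whitespace in names is irrelevant; folding case is an assumption here.
    return "".join(name.split()).lower()

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}) with whitespace-free keys."""
    global_params, modules = {}, {}
    current, pending = global_params, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue                          # comment or whitespace-only line
        if line.endswith("\\"):               # continued on the next line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(" ".join(line[1:-1].split()), {})
        elif "=" in line:
            name, value = line.split("=", 1)  # only the first '=' is significant
            current[param_key(name)] = value.strip()
    return global_params, modules

def as_bool(value, default):
    return default if value is None else BOOLEANS.get(value.lower(), default)

def audit(text):
    """Return (module, finding) pairs; module values override global ones."""
    global_params, modules = parse_rsyncd_conf(text)
    findings = []
    for module, params in modules.items():
        eff = {**global_params, **params}
        if not eff.get("authusers"):
            findings.append((module, "anonymous rsync: no 'auth users'"))
        elif not eff.get("secretsfile"):
            findings.append((module, "'auth users' without 'secrets file'"))
        if not as_bool(eff.get("usechroot"), True):   # default is true
            findings.append((module, "'use chroot' is off"))
        if not (eff.get("hostsallow") or eff.get("hostsdeny")):
            findings.append((module, "any host can connect"))
        if eff.get("exclude") or eff.get("excludefrom"):
            findings.append((module, "'exclude' is not an access control"))
    return findings

# Constructed sample configuration (not taken from the page).
SAMPLE = r"""
# global section
uid = nobody
Use Chroot = no

[ftp]
    path = /var/ftp/pub
    comment = size = approx 6.1 GB
    exclude = private/ *.key

[backup]
    path = /srv/backup
    use chroot = YES
    auth users = tridge, susan
    secrets file = /etc/rsyncd.secrets
    hosts allow = 192.168.1.0/24 \
                  10.0.0.5
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```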


EXAMPLES

       A simple rsyncd.conf file that allows anonymous rsync to
       an ftp area at /home/ftp would be:

       [ftp]
               path = /home/ftp
               comment = ftp export area

       A more sophisticated example would be:

       uid = nobody
       gid = nobody
       use chroot = no
       max connections = 4
       syslog facility = local5
       pid file = /var/run/rsyncd.pid

       [ftp]
               path = /var/ftp/pub
               comment = whole ftp area (approx 6.1 GB)

       [sambaftp]
               path = /var/ftp/pub/samba
               comment = Samba ftp area (approx 300 MB)

       [rsyncftp]
               path = /var/ftp/pub/rsync
               comment = rsync ftp area (approx 6 MB)

       [sambawww]
               path = /public_html/samba

       tridge:mypass
       susan:herpass


FILES

       /etc/rsyncd.conf or rsyncd.conf


SEE ALSO

       rsync(1)


DIAGNOSTICS


BUGS

       The rsync server does not send all types of error messages
       to the client. This means a client may be mystified as to
       why a transfer failed. The error will have been logged by
       syslog on the server.

       Please report bugs!  The  rsync  bug  tracking  system  is
       online at http://rsync.samba.org/


VERSION

       This man page is current for version 2.0 of rsync


CREDITS

       rsync  is  distributed  under the GNU public license.  See
       the file COPYING for details.

       The     primary     ftp     site     for     rsync      is
       ftp://rsync.samba.org/pub/rsync.

       A WEB site is available at http://rsync.samba.org/

       We  would  be  delighted to hear from you if you like this
       program.

       This program uses the zlib compression library written  by
       Jean-loup Gailly and Mark Adler.


THANKS

       Thanks  to  Warren Stanley for his original idea and patch
       for the rsync server. Thanks to Karsten Thygesen  for  his
       many suggestions and documentation!


AUTHOR

       rsync  was  written by Andrew Tridgell and Paul Mackerras.
       They may be contacted via email  at  tridge@samba.org  and
  
