Basic rsyncd.conf


Post by ^rooker » Sat Dec 17, 2016 2:20 am

Since Debian/Ubuntu don't come with a default one, here's a basic rsyncd.conf file:
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock

[documents]
   path = /home/user/work
   comment = User's Documents folder
   uid = user
   gid = user
   read only = no
   auth users = user
   secrets file = /etc/rsyncd.secrets


Copy/paste from user telebog on superuser.com. Thanks telebog! :D

Jumping out of an airplane is not a basic instinct. Neither is breathing underwater. But put the two together and you're traveling through space!
Re: Basic rsyncd.conf

Post by gilthanaz » Mon Dec 19, 2016 4:55 pm

* If you use rsync to sync dirs like /etc you must specify uid/gid = root. Else you get silent ignores of everything the default rsync user has no access rights to :) You should know about security issues when doing that. It's hard to find out your /etc backup never really worked when you want to restore a system (that was in the pre-snapshot-everything-era, but still).

* Authentication and the rat's tail it causes can be avoided by using an IP filter in the rsync configuration (only hosts from x.x.x.x may connect). This makes things very easy, given you're on static IPs. For this, simply add the line:

hosts allow = 192.168.x.x


or wildcard:

hosts allow = 192.168.0.0/24


within your [share] block (in the above example, [documents]). In case you have multiple shares that you want to use the same IP restriction(s), move the 'hosts allow' line to the global config section of rsyncd.conf (in the above example, the line would be after the 'lock file' entry, before the [documents] block).

The following would then be obsolete:
  auth users = user
  secrets file = /etc/rsyncd.secrets


Reasons? I prefer filtering by IP if possible and meaningful, because you can't exploit where you can't connect ;) At least mostly... Also I strongly dislike fiddling around with secret files.
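An added example, not part of either post and not rsync's own tooling: a small Python audit that reports, for each module in an rsyncd.conf, whether access is limited by 'auth users', by 'hosts allow', by both or by neither, treating global-section values as module defaults as described in the thread. The [etc] and [pub] modules in the sample and the finding texts are constructed for illustration.

```python
import re

# Constructed sample: the thread's [documents] module plus two hypothetical ones.
SAMPLE = """\
[documents]
   path = /home/user/work
   read only = no
   auth users = user
   secrets file = /etc/rsyncd.secrets
[etc]
   path = /etc
   uid = root
   read only = no
   hosts allow = 192.168.0.0/24
[pub]
   path = /srv/pub
   read only = no
"""

def parse(text):
    """Return {module: params}; global-section values are the module defaults."""
    defaults, modules, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        key, sep, value = line.partition("=")
        if header:
            current = modules.setdefault(header.group(1).strip(), dict(defaults))
        elif sep and not line.startswith("#"):
            (defaults if current is None else current)[key.strip().lower()] = value.strip()
    return modules

def audit(text):
    """Return {module: (access mode, findings)} for every module in the config."""
    report = {}
    for name, p in parse(text).items():
        auth, ip = bool(p.get("auth users")), bool(p.get("hosts allow"))
        mode = ("open", "ip-only", "auth-only", "auth+ip")[2 * auth + ip]
        writable = p.get("read only", "yes").lower() in ("no", "false", "0")
        checks = [
            (auth and not p.get("secrets file"), "auth users set but no secrets file"),
            (writable and mode == "open", "writable with neither auth users nor hosts allow"),
            (writable and p.get("uid") in ("root", "0"), "writable module runs as root"),
        ]
        report[name] = (mode, [msg for hit, msg in checks if hit])
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running it on a live /etc/rsyncd.conf after moving 'hosts allow' into the global section shows which modules picked up the restriction and which still carry their own settings.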

