1 Here's a new version of my rsync-server-over-remote-shell patch:
3 - diffs (-u) against 2.5.0
5 - syntax for running rsync server over remote shell is
7 rsync [options] -e ssh source [user@]host::module[/dest]
8 rsync [options] -e ssh [user@]host::module[/source] dest
10 If you need different usernames at the rsyncd and ssh levels, you
13 rsync [options] -e "ssh -l ssh-user" source rsyncd-user@host::module[/path]
15 - rsync_module() now uses the SSH_CLIENT environment variable to get
16 an IP address. As Martin mentioned, there is the potential for
17 spoofing here, if the client can control what the SSH_CLIENT
18 environment variable contains. (However, if the client can control
19 the environment on the server side, it can do pretty much whatever
20 it wants anyway....) If you're using this in a locked-down scheme
21 with single-use SSH keys, then there's no way for the client to do
22 anything to the environment, and it should be safe.
29 P.S. Question -- is the enum { } of all the OPT_ variables in
30 options.c necessary any more? It looks like it's not.
32 On Tue, 20 Nov 2001, JD Paul wrote:
36 > I've made the changes to my code changes and the new diffs (against
37 > 2.4.6 again) are included below.
39 > Syntax for running rsync server over a remote shell (e.g. ssh) is now:
41 > rsync [options] -e ssh source [user@]host::module[/dest]
42 > rsync [options] -e ssh [user@]host::module[/source] dest
47 > jdpaul@interstel.net
50 -------------------------<cut here>-----------------------------------
54 ===================================================================
55 RCS file: /juno/repository/usr/local/pkg/rsync/authenticate.c,v
56 retrieving revision 1.1.1.5
57 retrieving revision 1.4
58 diff -u -b -r1.1.1.5 -r1.4
59 --- authenticate.c 2001/12/03 23:48:45 1.1.1.5
60 +++ authenticate.c 2001/12/04 00:10:38 1.4
63 otherwise return username
65 -char *auth_server(int fd, int module, char *addr, char *leader)
66 +char *auth_server(int f_in, int f_out, int module, char *addr, char *leader)
68 char *users = lp_auth_users(module);
72 base64_encode(challenge, 16, b64_challenge);
74 - io_printf(fd,"%s%s\n", leader, b64_challenge);
75 + io_printf(f_out,"%s%s\n", leader, b64_challenge);
77 - if (!read_line(fd, line, sizeof(line)-1)) {
78 + if (!read_line(f_in, line, sizeof(line)-1)) {
83 ===================================================================
84 RCS file: /juno/repository/usr/local/pkg/rsync/clientserver.c,v
85 retrieving revision 1.1.1.5
86 retrieving revision 1.11
87 diff -u -b -r1.1.1.5 -r1.11
88 --- clientserver.c 2001/12/03 23:48:48 1.1.1.5
89 +++ clientserver.c 2001/12/04 04:51:10 1.11
92 int start_socket_client(char *host, char *path, int argc, char *argv[])
95 - char *sargs[MAX_ARGS];
97 - char line[MAXPATHLEN];
101 extern int remote_version;
102 extern int am_sender;
103 extern char *shell_cmd;
104 - extern int kludge_around_eof;
105 extern char *bind_address;
107 if (argc == 0 && !am_sender) {
108 extern int list_only;
112 - /* This is just a friendliness enhancement: if the connection
113 - * is to an rsyncd then there is no point specifying the -e option.
114 - * Note that this is only set if the -e was explicitly specified,
115 - * not if the environment variable just happens to be set.
116 - * See http://lists.samba.org/pipermail/rsync/2000-September/002744.html
119 - rprintf(FERROR, "WARNING: --rsh or -e option ignored when "
120 - "connecting to rsync daemon\n");
124 + /* this is redundant with code in start_inband_exchange(), but
125 + this short-circuits a problem before we open a socket, and
126 + the extra check won't hurt */
128 rprintf(FERROR,"ERROR: The remote path must start with a module name not a /\n");
134 - if (!user) user = getenv("USER");
135 - if (!user) user = getenv("LOGNAME");
137 fd = open_socket_out_wrapped (host, rsync_port, bind_address,
138 global_opts.af_hint);
140 exit_cleanup(RERR_SOCKETIO);
143 + ret = start_inband_exchange(user, path, fd, fd, argc, argv);
145 + return (ret < 0 ) ? ret : client_run(fd, fd, -1, argc, argv);
148 +int start_inband_exchange(char *user, char *path, int f_in, int f_out, int argc, char *argv[])
151 + char *sargs[MAX_ARGS];
153 + char line[MAXPATHLEN];
155 + extern int remote_version;
156 + extern int kludge_around_eof;
157 + extern int am_sender;
158 + extern int daemon_over_rsh;
160 + if (argc == 0 && !am_sender) {
161 + extern int list_only;
165 + if (*path == '/') {
166 + rprintf(FERROR,"ERROR: The remote path must start with a module name\n");
170 + if (!user) user = getenv("USER");
171 + if (!user) user = getenv("LOGNAME");
173 + /* set daemon_over_rsh to false since we need to build the
174 + true set of args passed through the rsh/ssh connection;
175 + this is a no-op for direct-socket-connection mode */
176 + daemon_over_rsh = 0;
177 server_options(sargs,&sargc);
179 sargs[sargc++] = ".";
184 - io_printf(fd,"@RSYNCD: %d\n", PROTOCOL_VERSION);
185 + io_printf(f_out,"@RSYNCD: %d\n", PROTOCOL_VERSION);
187 - if (!read_line(fd, line, sizeof(line)-1)) {
188 + if (!read_line(f_in, line, sizeof(line)-1)) {
194 p = strchr(path,'/');
196 - io_printf(fd,"%s\n",path);
197 + io_printf(f_out,"%s\n",path);
200 /* Old servers may just drop the connection here,
201 @@ -113,12 +132,12 @@
202 kludge_around_eof = remote_version < 25;
205 - if (!read_line(fd, line, sizeof(line)-1)) {
206 + if (!read_line(f_in, line, sizeof(line)-1)) {
210 if (strncmp(line,"@RSYNCD: AUTHREQD ",18) == 0) {
211 - auth_client(fd, user, line+18);
212 + auth_client(f_out, user, line+18);
216 @@ -131,69 +150,97 @@
217 kludge_around_eof = False;
219 for (i=0;i<sargc;i++) {
220 - io_printf(fd,"%s\n", sargs[i]);
221 + io_printf(f_out,"%s\n", sargs[i]);
223 - io_printf(fd,"\n");
224 + io_printf(f_out,"\n");
226 if (remote_version < 23) {
227 if (remote_version == 22 || (remote_version > 17 && !am_sender))
228 - io_start_multiplex_in(fd);
229 + io_start_multiplex_in(f_in);
232 - return client_run(fd, fd, -1, argc, argv);
239 -static int rsync_module(int fd, int i)
240 +static int rsync_module(int f_in, int f_out, int i)
243 char *argv[MAX_ARGS];
245 char line[MAXPATHLEN];
246 + char addr_buf[128];
247 uid_t uid = (uid_t)-2; /* canonically "nobody" */
248 gid_t gid = (gid_t)-2;
250 - char *addr = client_addr(fd);
251 - char *host = client_name(fd);
254 char *name = lp_name(i);
255 int use_chroot = lp_use_chroot(i);
259 extern int am_sender;
260 + extern int am_server;
261 + extern int am_daemon;
262 extern int remote_version;
265 + if (is_a_socket(f_in)) {
266 + addr = client_addr(f_in);
267 + host = client_name(f_in);
269 + char *ssh_client = getenv("SSH_CLIENT");
271 + strlcpy(addr_buf, ssh_client, sizeof(addr_buf));
272 + /* truncate SSH_CLIENT to just IP address */
273 + p = strchr(addr_buf, ' ');
278 + host = "remote.shell.connection";
281 + host = "remote.shell.connection";
285 if (!allow_access(addr, host, lp_hosts_allow(i), lp_hosts_deny(i))) {
286 rprintf(FERROR,"rsync denied on module %s from %s (%s)\n",
287 - name, client_name(fd), client_addr(fd));
288 - io_printf(fd,"@ERROR: access denied to %s from %s (%s)\n",
289 - name, client_name(fd), client_addr(fd));
291 + io_printf(f_out,"@ERROR: access denied to %s from %s (%s)\n",
296 + if (am_daemon && am_server) {
297 + rprintf(FINFO, "rsync allowed access on module %s from %s (%s)\n",
301 if (!claim_connection(lp_lock_file(i), lp_max_connections(i))) {
303 rprintf(FERROR,"failed to open lock file %s : %s\n",
304 lp_lock_file(i), strerror(errno));
305 - io_printf(fd,"@ERROR: failed to open lock file %s : %s\n",
306 + io_printf(f_out,"@ERROR: failed to open lock file %s : %s\n",
307 lp_lock_file(i), strerror(errno));
309 rprintf(FERROR,"max connections (%d) reached\n",
310 lp_max_connections(i));
311 - io_printf(fd,"@ERROR: max connections (%d) reached - try again later\n", lp_max_connections(i));
312 + io_printf(f_out,"@ERROR: max connections (%d) reached - try again later\n", lp_max_connections(i));
318 - auth_user = auth_server(fd, i, addr, "@RSYNCD: AUTHREQD ");
319 + auth_user = auth_server(f_in, f_out, i, addr, "@RSYNCD: AUTHREQD ");
322 rprintf(FERROR,"auth failed on module %s from %s (%s)\n",
323 - name, client_name(fd), client_addr(fd));
324 - io_printf(fd,"@ERROR: auth failed on module %s\n",name);
326 + io_printf(f_out,"@ERROR: auth failed on module %s\n",name);
331 if (!name_to_uid(p, &uid)) {
333 rprintf(FERROR,"Invalid uid %s\n", p);
334 - io_printf(fd,"@ERROR: invalid uid %s\n", p);
335 + io_printf(f_out,"@ERROR: invalid uid\n");
340 if (!name_to_gid(p, &gid)) {
342 rprintf(FERROR,"Invalid gid %s\n", p);
343 - io_printf(fd,"@ERROR: invalid gid %s\n", p);
344 + io_printf(f_out,"@ERROR: invalid gid\n");
348 @@ -259,20 +306,20 @@
350 if (chroot(lp_path(i))) {
351 rsyserr(FERROR, errno, "chroot %s failed", lp_path(i));
352 - io_printf(fd,"@ERROR: chroot failed\n");
353 + io_printf(f_out,"@ERROR: chroot failed\n");
357 if (!push_dir("/", 0)) {
358 rsyserr(FERROR, errno, "chdir %s failed\n", lp_path(i));
359 - io_printf(fd,"@ERROR: chdir failed\n");
360 + io_printf(f_out,"@ERROR: chdir failed\n");
365 if (!push_dir(lp_path(i), 0)) {
366 rsyserr(FERROR, errno, "chdir %s failed\n", lp_path(i));
367 - io_printf(fd,"@ERROR: chdir failed\n");
368 + io_printf(f_out,"@ERROR: chdir failed\n");
372 @@ -281,25 +328,25 @@
375 rsyserr(FERROR, errno, "setgid %d failed", (int) gid);
376 - io_printf(fd,"@ERROR: setgid failed\n");
377 + io_printf(f_out,"@ERROR: setgid failed\n");
382 rsyserr(FERROR, errno, "setuid %d failed", (int) uid);
383 - io_printf(fd,"@ERROR: setuid failed\n");
384 + io_printf(f_out,"@ERROR: setuid failed\n");
388 am_root = (getuid() == 0);
391 - io_printf(fd,"@RSYNCD: OK\n");
392 + io_printf(f_out,"@RSYNCD: OK\n");
394 argv[argc++] = "rsyncd";
397 - if (!read_line(fd, line, sizeof(line)-1)) {
398 + if (!read_line(f_in, line, sizeof(line)-1)) {
404 if (remote_version < 23) {
405 if (remote_version == 22 || (remote_version > 17 && am_sender))
406 - io_start_multiplex_out(fd);
407 + io_start_multiplex_out(f_out);
410 /* For later protocol versions, we don't start multiplexing
412 io_timeout = lp_timeout(i);
415 - start_server(fd, fd, argc, argp);
416 + start_server(f_in, f_out, argc, argp);
420 @@ -409,26 +456,29 @@
421 io_printf(fd,"@RSYNCD: EXIT\n");
424 -/* this is called when a socket connection is established to a client
425 +/* this is called when a connection is established to a client
426 and we want to start talking. The setup of the system is done from
428 -static int start_daemon(int fd)
429 +int start_daemon(int f_in, int f_out)
434 extern char *config_file;
435 extern int remote_version;
436 + extern int am_server;
438 if (!lp_load(config_file, 0)) {
439 exit_cleanup(RERR_SYNTAX);
442 - set_socket_options(fd,"SO_KEEPALIVE");
443 - set_socket_options(fd,lp_socket_options());
444 - set_nonblocking(fd);
445 + if ( !am_server ) {
446 + set_socket_options(f_in,"SO_KEEPALIVE");
447 + set_socket_options(f_in,lp_socket_options());
448 + set_nonblocking(f_in);
451 - io_printf(fd,"@RSYNCD: %d\n", PROTOCOL_VERSION);
452 + io_printf(f_out,"@RSYNCD: %d\n", PROTOCOL_VERSION);
454 motd = lp_motd_file();
456 @@ -437,50 +487,49 @@
457 int len = fread(line, 1, sizeof(line)-1, f);
460 - io_printf(fd,"%s", line);
461 + io_printf(f_out,"%s", line);
465 - io_printf(fd,"\n");
466 + io_printf(f_out,"\n");
469 - if (!read_line(fd, line, sizeof(line)-1)) {
470 + if (!read_line(f_in, line, sizeof(line)-1)) {
474 if (sscanf(line,"@RSYNCD: %d", &remote_version) != 1) {
475 - io_printf(fd,"@ERROR: protocol startup error\n");
476 + io_printf(f_out,"@ERROR: protocol startup error\n");
482 - if (!read_line(fd, line, sizeof(line)-1)) {
483 + if (!read_line(f_in, line, sizeof(line)-1)) {
487 if (!*line || strcmp(line,"#list")==0) {
489 + send_listing(f_out);
494 /* it's some sort of command that I don't understand */
495 - io_printf(fd,"@ERROR: Unknown command '%s'\n", line);
496 + io_printf(f_out,"@ERROR: Unknown command '%s'\n", line);
502 - io_printf(fd,"@ERROR: Unknown module '%s'\n", line);
503 + io_printf(f_out,"@ERROR: Unknown module '%s'\n", line);
508 - return rsync_module(fd, i);
509 + return rsync_module(f_in, f_out, i);
513 int daemon_main(void)
515 extern char *config_file;
517 open("/dev/null", O_RDWR);
520 - return start_daemon(STDIN_FILENO);
521 + return start_daemon(STDIN_FILENO, STDIN_FILENO);
526 ===================================================================
527 RCS file: /juno/repository/usr/local/pkg/rsync/main.c,v
528 retrieving revision 1.1.1.7
529 retrieving revision 1.7
530 diff -u -b -r1.1.1.7 -r1.7
531 --- main.c 2001/12/03 23:48:56 1.1.1.7
532 +++ main.c 2001/12/04 00:10:38 1.7
537 + int dash_l_set = 0;
538 extern int local_server;
539 extern char *rsync_path;
540 extern int blocking_io;
541 + extern int daemon_over_rsh;
542 extern int read_batch;
544 if (!read_batch && !local_server) { /* dw -- added read_batch */
545 @@ -151,15 +153,23 @@
549 + /* check to see if we've already been given '-l user' in
550 + the remote-shell command */
551 + for (i=0;i<(argc-1);i++) {
552 + if (!strcmp("-l", args[i]) && (args[i+1][0] != '-')) {
558 /* remsh (on HPUX) takes the arguments the other way around */
559 args[argc++] = machine;
561 + if (user && !(daemon_over_rsh && dash_l_set)) {
567 + if (user && !(daemon_over_rsh && dash_l_set)) {
575 + if (!daemon_over_rsh) {
582 @@ -617,15 +629,17 @@
583 extern int am_sender;
584 extern char *shell_cmd;
585 extern int rsync_port;
586 + extern int daemon_over_rsh;
587 extern int whole_file;
588 extern int read_batch;
591 /* Don't clobber argv[] so that ps(1) can still show the right
593 - if ((rc = copy_argv (argv)))
594 + if ((rc = copy_argv(argv)))
597 + /* rsync:// always uses rsync server over direct socket connection */
598 if (strncasecmp(URL_PREFIX, argv[0], strlen(URL_PREFIX)) == 0) {
605 - return start_socket_client(argv[0], p+2, argc-1, argv+1);
607 + return start_socket_client(argv[0], p+2,
611 + daemon_over_rsh = 1;
618 } else if (p[1] == ':') {
620 - return start_socket_client(argv[argc-1], p+2, argc-1, argv);
622 + return start_socket_client(argv[argc-1], p+2,
626 + daemon_over_rsh = 1;
635 - pid = do_cmd(shell_cmd,shell_machine,shell_user,shell_path,&f_in,&f_out);
636 + pid = do_cmd(shell_cmd,shell_machine,shell_user,shell_path,
639 + /* if we're running an rsync server on the remote host over a
640 + remote shell command, we need to do the RSYNCD protocol first */
641 + if (daemon_over_rsh) {
643 + tmpret = start_inband_exchange(shell_user, shell_path,
644 + f_in, f_out, argc, argv);
645 + if ( tmpret < 0 ) {
650 ret = client_run(f_in, f_out, pid, argc, argv);
654 set_batch_file_ext(batch_ext);
658 + if (am_daemon && !am_server) {
659 return daemon_main();
664 set_nonblocking(STDIN_FILENO);
665 set_nonblocking(STDOUT_FILENO);
667 + return start_daemon(STDIN_FILENO, STDOUT_FILENO);
669 start_server(STDIN_FILENO, STDOUT_FILENO, argc, argv);
673 ret = start_client(argc, argv);
675 ===================================================================
676 RCS file: /juno/repository/usr/local/pkg/rsync/options.c,v
677 retrieving revision 1.1.1.5
678 retrieving revision 1.11
679 diff -u -b -r1.1.1.5 -r1.11
680 --- options.c 2001/12/03 23:48:57 1.1.1.5
681 +++ options.c 2001/12/04 05:30:27 1.11
687 int make_backups = 0;
694 +int daemon_over_rsh = 0;
701 args[ac++] = "--server";
703 + if (daemon_over_rsh) {
704 + args[ac++] = "--daemon";
706 + /* if we're passing --daemon, we're done */
711 args[ac++] = "--sender";
713 ===================================================================
714 RCS file: /juno/repository/usr/local/pkg/rsync/proto.h,v
715 retrieving revision 1.1.1.7
716 retrieving revision 1.5
717 diff -u -b -r1.1.1.7 -r1.5
718 --- proto.h 2001/12/03 23:48:57 1.1.1.7
719 +++ proto.h 2001/12/04 00:10:38 1.5
721 /* This file is automatically generated with "make proto". DO NOT EDIT */
723 int allow_access(char *addr, char *host, char *allow_list, char *deny_list);
724 -char *auth_server(int fd, int module, char *addr, char *leader);
725 +char *auth_server(int f_in, int f_out, int module, char *addr, char *leader);
726 void auth_client(int fd, char *user, char *challenge);
727 int make_backup(char *fname);
728 void create_batch_file_ext();
730 struct map_struct *buf, int fd1, int fd2);
731 void cleanup_set_pid(int pid);
732 int start_socket_client(char *host, char *path, int argc, char *argv[]);
733 +int start_inband_exchange(char *user, char *path, int f_in, int f_out, int argc, char *argv[]);
734 +int start_daemon(int f_in, int f_out);
735 int daemon_main(void);
736 void setup_protocol(int f_out,int f_in);
737 int claim_connection(char *fname,int max_connections);
739 const char *bind_address,
741 int is_a_socket(int fd);
742 -void start_accept_loop(int port, int (*fn)(int ));
743 +void start_accept_loop(int port, int (*fn)(int, int));
744 void set_socket_options(int fd, char *options);
745 void become_daemon(void);
746 char *client_addr(int fd);
748 ===================================================================
749 RCS file: /juno/repository/usr/local/pkg/rsync/rsync.1,v
750 retrieving revision 1.1.1.7
751 retrieving revision 1.9
752 diff -u -b -r1.1.1.7 -r1.9
753 --- rsync.1 2001/12/03 23:48:58 1.1.1.7
754 +++ rsync.1 2001/12/04 05:02:26 1.9
759 -There are six different ways of using rsync\&. They are:
760 +There are eight different ways of using rsync\&. They are:
763 for copying local files\&. This is invoked when neither
768 +for copying from a remote machine using a remote shell
769 +program as the transport, using rsync server on the remote
770 +machine\&. This is invoked when the source path contains a ::
771 +separator and the --rsh=COMMAND (aka "-e COMMAND") option is
775 +for copying from the local machine to a remote machine
776 +using a remote shell program as the transport, using rsync
777 +server on the remote machine\&. This is invoked when the
778 +destination path contains a :: separator and the
779 +--rsh=COMMMAND option is also provided\&.
782 for listing files on a remote machine\&. This is done the
783 same way as rsync transfers except that you leave off the
786 using the --delete option\&.
788 You can also use rsync in local-only mode, where both the source and
789 -destination don\&'t have a \&':\&' in the name\&. In this case it behaves like
790 +destination don\'t have a \':\' in the name\&. In this case it behaves like
791 an improved copy command\&.
795 transport\&. In this case you will connect to a remote rsync server
796 running on TCP port 873\&.
798 -You may establish the connetcion via a web proxy by setting the
799 +You may establish the connection via a web proxy by setting the
800 environment variable RSYNC_PROXY to a hostname:port pair pointing to
801 your web proxy\&. Note that your web proxy must allow proxying to port
802 873, this must be configured in your proxy servers ruleset\&.
803 @@ -188,17 +202,70 @@
804 WARNING: On some systems environment variables are visible to all
805 users\&. On those systems using --password-file is recommended\&.
807 +.SH "CONNECTING TO AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM"
809 +It is sometimes useful to be able to set up file transfers using rsync
810 +server capabilities on the remote machine, while still using rsh or
811 +ssh for transport\&. This is especially useful when you want to connect
812 +to a remote machine via ssh (for encryption or to get through a
813 +firewall), but you still want to have access to the rsync server
814 +features (see RUNNING AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM,
817 +From the user\'s perspective, using rsync in this way is the same as
818 +using it to connect to an rsync server, except that you must
819 +explicitly set the remote shell program on the command line with
820 +--rsh=COMMAND\&. (Setting RSYNC_RSH in the environment will not turn on
821 +this functionality\&.)
823 +In order to distinguish between the remote-shell user and the rsync
824 +server user, you can use \'-l user\' on your remote-shell command:
827 +rsync -av --rsh="ssh -l ssh-user" rsync-user@host::module[/path] local-path
830 +The "ssh-user" will be used at the ssh level; the "rsync-user" will be
831 +used to check against the rsyncd\&.conf on the remote host\&.
833 .SH "RUNNING AN RSYNC SERVER"
835 An rsync server is configured using a config file which by default is
836 called /etc/rsyncd\&.conf\&. Please see the rsyncd\&.conf(5) man page for more
839 +.SH "RUNNING AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM"
841 +See the rsyncd\&.conf(5) man page for full information on the rsync
842 +server configuration file\&.
844 +Several configuration options will not be available unless the remote
845 +user is root (e\&.g\&. chroot, setuid/setgid, etc\&.)\&. There is no need to
846 +configure inetd or the services map to include the rsync server port
847 +if you run an rsync server only via a remote shell program\&.
849 +To run an rsync server out of a single-use ssh key, use the
850 +"command=\fICOMMAND\fP" syntax in the remote user\'s
851 +authorized_keys entry, where command would be
854 +rsync --server --daemon \&.
857 +NOTE: rsync\'s argument parsing expects the trailing "\&.", so make sure
858 +that it\'s there\&. If you want to use a rsyncd\&.conf(5)-style
859 +configuration file other than /etc/rsyncd\&.conf, you can added a
860 +--config-file option to the \fIcommand\fP:
863 +rsync --server --daemon --config-file=\fIfile\fP \&.
868 Here are some examples of how I use rsync\&.
870 -To backup my wife\&'s home directory, which consists of large MS Word
871 +To backup my wife\'s home directory, which consists of large MS Word
872 files and mail folders, I use a cron job that runs
879 -rsync -avuzb --exclude \&'*~\&' samba:samba/ \&.
880 +rsync -avuzb --exclude \'*~\' samba:samba/ \&.
886 this allows me to sync with a CVS directory at the other end of the
887 link\&. I then do cvs operations on the remote machine, which saves a
888 -lot of time as the remote cvs protocol isn\&'t very efficient\&.
889 +lot of time as the remote cvs protocol isn\'t very efficient\&.
891 I mirror a directory between my "old" and "new" ftp sites with the
894 -b, --backup make backups (default ~ suffix)
895 --backup-dir make backups into this directory
896 --suffix=SUFFIX override backup suffix
897 - -u, --update update only (don\&'t overwrite newer files)
898 + -u, --update update only (don\'t overwrite newer files)
899 -l, --links preserve soft links
900 -L, --copy-links treat soft links like regular files
901 --copy-unsafe-links copy links outside the source tree
902 @@ -268,22 +335,22 @@
903 -S, --sparse handle sparse files efficiently
904 -n, --dry-run show what would have been transferred
905 -W, --whole-file copy whole files, no incremental checks
906 - -x, --one-file-system don\&'t cross filesystem boundaries
907 + -x, --one-file-system don\'t cross filesystem boundaries
908 -B, --block-size=SIZE checksum blocking size (default 700)
909 -e, --rsh=COMMAND specify rsh replacement
910 --rsync-path=PATH specify path to rsync on the remote machine
911 -C, --cvs-exclude auto ignore files in the same way CVS does
912 --existing only update files that already exist
913 - --delete delete files that don\&'t exist on the sending side
914 + --delete delete files that don\'t exist on the sending side
915 --delete-excluded also delete excluded files on the receiving side
916 --delete-after delete after transferring, not before
917 --ignore-errors delete even if there are IO errors
918 - --max-delete=NUM don\&'t delete more than NUM files
919 + --max-delete=NUM don\'t delete more than NUM files
920 --partial keep partially transferred files
921 --force force deletion of directories even if not empty
922 - --numeric-ids don\&'t map uid/gid values by user/group name
923 + --numeric-ids don\'t map uid/gid values by user/group name
924 --timeout=TIME set IO timeout in seconds
925 - -I, --ignore-times don\&'t exclude files that match length and time
926 + -I, --ignore-times don\'t exclude files that match length and time
927 --size-only only use file size when determining if a file should be transferred
928 --modify-window=NUM Timestamp window (seconds) for file match (default=0)
929 -T --temp-dir=DIR create temporary files in directory DIR
931 -z, --compress compress file data
932 --exclude=PATTERN exclude files matching PATTERN
933 --exclude-from=FILE exclude patterns listed in FILE
934 - --include=PATTERN don\&'t exclude files matching PATTERN
935 - --include-from=FILE don\&'t exclude patterns listed in FILE
936 + --include=PATTERN don\'t exclude files matching PATTERN
937 + --include-from=FILE don\'t exclude patterns listed in FILE
938 --version print version number
939 --daemon run as a rsync daemon
940 --address bind to the specified address
942 rsync uses the GNU long options package\&. Many of the command line
943 options have two variants, one short and one long\&. These are shown
944 below, separated by commas\&. Some options only have a long variant\&.
945 -The \&'=\&' for options that take a parameter is optional; whitespace
946 +The \'=\' for options that take a parameter is optional; whitespace
947 can be used instead\&.
949 .IP "\fB-h, --help\fP"
952 .IP "\fB-r, --recursive\fP"
953 This tells rsync to copy directories
954 -recursively\&. If you don\&'t specify this then rsync won\&'t copy
955 +recursively\&. If you don\'t specify this then rsync won\'t copy
956 directories at all\&.
958 .IP "\fB-R, --relative\fP"
960 option is not used, the optimization that excludes files that have not been
961 modified cannot be effective; in other words, a missing -t or -a will
962 cause the next transfer to behave as if it used -I, and all files will have
963 -their checksums compared and show up in log messages even if they haven\&'t
964 +their checksums compared and show up in log messages even if they haven\'t
967 .IP "\fB-n, --dry-run\fP"
969 Try to handle sparse files efficiently so they take
970 up less space on the destination\&.
972 -NOTE: Don\&'t use this option when the destination is a Solaris "tmpfs"
973 -filesystem\&. It doesn\&'t seem to handle seeks over null regions
974 +NOTE: Don\'t use this option when the destination is a Solaris "tmpfs"
975 +filesystem\&. It doesn\'t seem to handle seeks over null regions
976 correctly and ends up corrupting the files\&.
978 .IP "\fB-x, --one-file-system\fP"
979 @@ -533,14 +600,14 @@
982 This tells rsync to delete any files on the receiving
983 -side that aren\&'t on the sending side\&. Files that are excluded from
984 +side that aren\'t on the sending side\&. Files that are excluded from
985 transfer are excluded from being deleted unless you use --delete-excluded\&.
987 This option has no effect if directory recursion is not selected\&.
989 This option can be dangerous if used incorrectly! It is a very good idea
990 to run first using the dry run option (-n) to see what files would be
991 -deleted to make sure important files aren\&'t listed\&.
992 +deleted to make sure important files aren\'t listed\&.
994 If the sending side detects any IO errors then the deletion of any
995 files at the destination will be automatically disabled\&. This is to
996 @@ -582,14 +649,29 @@
997 remote copies of rsync\&. By default, rsync will use rsh, but you may
998 like to instead use ssh because of its high security\&.
1000 +If this option is used with \fB[user@]host::module/path\fP, then the
1001 +remote shell \fICOMMMAND\fP will be used to run an rsync server on the
1002 +remote host, and all data will be transmitted through that remote
1003 +shell connection, rather than through a direct socket connection to a
1004 +running rsync server on the remote host\&.
1006 You can also choose the remote shell program using the RSYNC_RSH
1007 environment variable\&.
1009 +In either case, rsync will tokenize the remote-shell command, so you
1010 +can use constructions like
1013 +rsync [options] --rsh="ssh -l user -i identity" source dest
1016 +to control things at a fine level\&.
1018 See also the --blocking-io option which is affected by this option\&.
1020 .IP "\fB--rsync-path=PATH\fP"
1021 Use this to specify the path to the copy of
1022 -rsync on the remote machine\&. Useful when it\&'s not in your path\&. Note
1023 +rsync on the remote machine\&. Useful when it\'s not in your path\&. Note
1024 that this is the full path to the binary, not just the directory that
1028 This option is similar to the --exclude
1029 option, but instead it adds all exclude patterns listed in the file
1030 FILE to the exclude list\&. Blank lines in FILE and lines starting with
1031 -\&';\&' or \&'#\&' are ignored\&.
1032 +\';\' or \'#\' are ignored\&.
1034 .IP "\fB--include=PATTERN\fP"
1035 This option tells rsync to not exclude the
1038 .IP "\fB-C, --cvs-exclude\fP"
1039 This is a useful shorthand for excluding a
1040 -broad range of files that you often don\&'t want to transfer between
1041 +broad range of files that you often don\'t want to transfer between
1042 systems\&. It uses the same algorithm that CVS uses to determine if
1043 a file should be ignored\&.
1046 flash-cutover when all files have been successfully transferred (for
1047 example by moving directories around and removing the old directory,
1048 although this requires also doing the transfer with -I to avoid skipping
1049 -files that haven\&'t changed)\&. This option increases the usefulness of
1050 +files that haven\'t changed)\&. This option increases the usefulness of
1051 --partial because partially transferred files will remain in the new
1052 temporary destination until they have a chance to be completed\&. If DIR is
1053 a relative path, it is relative to the destination directory\&.
1055 a remote shell transport\&. If -e or --rsh are not specified or are set to
1056 the default "rsh", this defaults to blocking IO, otherwise it defaults to
1057 non-blocking IO\&. You may find the --blocking-io option is needed for some
1058 -remote shells that can\&'t handle non-blocking IO\&. Ssh prefers blocking IO\&.
1059 +remote shells that can\'t handle non-blocking IO\&. Ssh prefers blocking IO\&.
1061 .IP "\fB--log-format=FORMAT\fP"
1062 This allows you to specify exactly what the
1065 if the pattern contains a / (not counting a trailing /) then it
1066 is matched against the full filename, including any leading
1067 -directory\&. If the pattern doesn\&'t contain a / then it is matched
1068 +directory\&. If the pattern doesn\'t contain a / then it is matched
1069 only against the final component of the filename\&. Again, remember
1070 that the algorithm is applied recursively so "full filename" can
1071 actually be any portion of a path\&.
1072 @@ -869,12 +951,12 @@
1073 The +/- rules are most useful in exclude lists, allowing you to have a
1074 single exclude list that contains both include and exclude options\&.
1076 -If you end an exclude list with --exclude \&'*\&', note that since the
1077 +If you end an exclude list with --exclude \'*\', note that since the
1078 algorithm is applied recursively that unless you explicitly include
1079 parent directories of files you want to include then the algorithm
1080 will stop at the parent directories and never see the files below
1081 -them\&. To include all directories, use --include \&'*/\&' before the
1082 ---exclude \&'*\&'\&.
1083 +them\&. To include all directories, use --include \'*/\' before the
1086 Here are some exclude/include examples:
1088 @@ -1020,7 +1102,7 @@
1089 are used to determine the default username sent to a rsync server\&.
1092 -The HOME environment variable is used to find the user\&'s
1093 +The HOME environment variable is used to find the user\'s
1094 default \&.cvsignore file\&.
1097 @@ -1070,7 +1152,7 @@
1100 Thanks to Richard Brent, Brendan Mackay, Bill Waite, Stephen Rothwell
1101 -and David Bell for helpful suggestions and testing of rsync\&. I\&'ve
1102 +and David Bell for helpful suggestions and testing of rsync\&. I\'ve
1103 probably missed some people, my apologies if I have\&.
1107 ===================================================================
1108 RCS file: /juno/repository/usr/local/pkg/rsync/rsync.yo,v
1109 retrieving revision 1.1.1.5
1110 retrieving revision 1.4
1111 diff -u -b -r1.1.1.5 -r1.4
1112 --- rsync.yo 2001/12/03 23:49:01 1.1.1.5
1113 +++ rsync.yo 2001/12/04 00:10:39 1.4
1116 manpagesection(GENERAL)
1118 -There are six different ways of using rsync. They are:
1119 +There are eight different ways of using rsync. They are:
1122 it() for copying local files. This is invoked when neither
1124 server. This is invoked when the destination path contains a ::
1127 + it() for copying from a remote machine using a remote shell
1128 + program as the transport, using rsync server on the remote
1129 + machine. This is invoked when the source path contains a ::
1130 + separator and the --rsh=COMMAND (aka "-e COMMAND") option is
1133 + it() for copying from the local machine to a remote machine
1134 + using a remote shell program as the transport, using rsync
1135 + server on the remote machine. This is invoked when the
1136 + destination path contains a :: separator and the
1137 + --rsh=COMMMAND option is also provided.
1139 it() for listing files on a remote machine. This is done the
1140 same way as rsync transfers except that you leave off the
1143 transport. In this case you will connect to a remote rsync server
1144 running on TCP port 873.
1146 -You may establish the connetcion via a web proxy by setting the
1147 +You may establish the connection via a web proxy by setting the
1148 environment variable RSYNC_PROXY to a hostname:port pair pointing to
1149 your web proxy. Note that your web proxy must allow proxying to port
1150 873, this must be configured in your proxy servers ruleset.
1151 @@ -170,12 +182,59 @@
1152 WARNING: On some systems environment variables are visible to all
1153 users. On those systems using --password-file is recommended.
1155 +manpagesection(CONNECTING TO AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM)
1157 +It is sometimes useful to be able to set up file transfers using rsync
1158 +server capabilities on the remote machine, while still using rsh or
1159 +ssh for transport. This is especially useful when you want to connect
1160 +to a remote machine via ssh (for encryption or to get through a
1161 +firewall), but you still want to have access to the rsync server
1162 +features (see RUNNING AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM,
1165 +From the user's perspective, using rsync in this way is the same as
1166 +using it to connect to an rsync server, except that you must
1167 +explicitly set the remote shell program on the command line with
1168 +--rsh=COMMAND. (Setting RSYNC_RSH in the environment will not turn on
1169 +this functionality.)
1171 +In order to distinguish between the remote-shell user and the rsync
1172 +server user, you can use '-l user' on your remote-shell command:
1174 +quote(rsync -av --rsh="ssh -l ssh-user" rsync-user@host::module[/path] local-path)
1176 +The "ssh-user" will be used at the ssh level; the "rsync-user" will be
1177 +used to check against the rsyncd.conf on the remote host.
1179 manpagesection(RUNNING AN RSYNC SERVER)
1181 An rsync server is configured using a config file which by default is
1182 called /etc/rsyncd.conf. Please see the rsyncd.conf(5) man page for more
1185 +manpagesection(RUNNING AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM)
1187 +See the rsyncd.conf(5) man page for full information on the rsync
1188 +server configuration file.
1190 +Several configuration options will not be available unless the remote
1191 +user is root (e.g. chroot, setuid/setgid, etc.). There is no need to
1192 +configure inetd or the services map to include the rsync server port
1193 +if you run an rsync server only via a remote shell program.
1195 +To run an rsync server out of a single-use ssh key, use the
1196 +"command=em(COMMAND)" syntax in the remote user's
1197 +authorized_keys entry, where command would be
1199 +quote(rsync --server --daemon .)
1201 +NOTE: rsync's argument parsing expects the trailing ".", so make sure
1202 +that it's there. If you want to use a rsyncd.conf(5)-style
1203 +configuration file other than /etc/rsyncd.conf, you can added a
1204 +--config-file option to the em(command):
1206 +quote(rsync --server --daemon --config-file=em(file) .)
1208 manpagesection(EXAMPLES)
1210 Here are some examples of how I use rsync.
1211 @@ -501,8 +560,21 @@
1212 remote copies of rsync. By default, rsync will use rsh, but you may
1213 like to instead use ssh because of its high security.
1215 +If this option is used with bf([user@]host::module/path), then the
1216 +remote shell em(COMMMAND) will be used to run an rsync server on the
1217 +remote host, and all data will be transmitted through that remote
1218 +shell connection, rather than through a direct socket connection to a
1219 +running rsync server on the remote host.
1221 You can also choose the remote shell program using the RSYNC_RSH
1222 environment variable.
1224 +In either case, rsync will tokenize the remote-shell command, so you
1225 +can use constructions like
1227 +quote(rsync [options] --rsh="ssh -l user -i identity" source dest)
1229 +to control things at a fine level.
1231 See also the --blocking-io option which is affected by this option.
1233 Index: rsyncd.conf.5
1234 ===================================================================
1235 RCS file: /juno/repository/usr/local/pkg/rsync/rsyncd.conf.5,v
1236 retrieving revision 1.1.1.5
1237 retrieving revision 1.3
1238 diff -u -b -r1.1.1.5 -r1.3
1239 --- rsyncd.conf.5 2001/12/03 23:48:52 1.1.1.5
1240 +++ rsyncd.conf.5 2001/12/04 00:10:39 1.3
1241 @@ -238,6 +238,11 @@
1242 "secrets file" option\&. The default is for all users to be able to
1243 connect without a password (this is called "anonymous rsync")\&.
1245 +See also the \fBCONNECTING TO AN RSYNC SERVER OVER A REMOTE SHELL
1246 +PROGRAM\fP section in rsync(1) for information on how handle an
1247 +rsyncd\&.conf-level username that differs from the remote-shell-level
1248 +username when using a remote shell to connect to a rsync server\&.
1250 .IP "\fBsecrets file\fP"
1251 The "secrets file" option specifies the name of
1252 a file that contains the username:password pairs used for
1253 Index: rsyncd.conf.yo
1254 ===================================================================
1255 RCS file: /juno/repository/usr/local/pkg/rsync/rsyncd.conf.yo,v
1256 retrieving revision 1.1.1.5
1257 retrieving revision 1.3
1258 diff -u -b -r1.1.1.5 -r1.3
1259 --- rsyncd.conf.yo 2001/12/03 23:49:02 1.1.1.5
1260 +++ rsyncd.conf.yo 2001/12/04 00:10:39 1.3
1261 @@ -219,6 +219,11 @@
1262 "secrets file" option. The default is for all users to be able to
1263 connect without a password (this is called "anonymous rsync").
1265 +See also the bf(CONNECTING TO AN RSYNC SERVER OVER A REMOTE SHELL
1266 +PROGRAM) section in rsync(1) for information on how handle an
1267 +rsyncd.conf-level username that differs from the remote-shell-level
1268 +username when using a remote shell to connect to a rsync server.
1270 dit(bf(secrets file)) The "secrets file" option specifies the name of
1271 a file that contains the username:password pairs used for
1272 authenticating this module. This file is only consulted if the "auth
1274 ===================================================================
1275 RCS file: /juno/repository/usr/local/pkg/rsync/socket.c,v
1276 retrieving revision 1.1.1.5
1277 retrieving revision 1.3
1278 diff -u -b -r1.1.1.5 -r1.3
1279 --- socket.c 2001/12/03 23:49:04 1.1.1.5
1280 +++ socket.c 2001/12/04 00:10:39 1.3
1285 -void start_accept_loop(int port, int (*fn)(int ))
1286 +void start_accept_loop(int port, int (*fn)(int, int))
1289 extern char *bind_address;
1291 /* open log file in child before possibly giving
1295 + _exit(fn(fd, fd));