+the list of users and groups. Also, you can protect this information from
+being downloaded/uploaded by adding an exclude rule to the rsyncd.conf file
+(e.g. "bf(exclude = /etc/**)"). Note that having the exclusion affect uploads
+is a relatively new feature in rsync, so make sure your daemon is
+at least 2.6.3 to effect this. Also note that it is safest to exclude a
+directory and all its contents combining the rule "/some/dir/" with the
+rule "/some/dir/**" just to be sure that rsync will not allow deeper
+access to some of the excluded files inside the directory (rsync tries to
+do this automatically, but you might as well specify both to be extra
+sure).
+
+dit(bf(munge symlinks)) The "munge symlinks" option tells rsync to modify
+all incoming symlinks in a way that makes them unusable but recoverable
+(see below). This should help protect your files from user trickery when
+your daemon module is writable. The default is disabled when "use chroot"
+is on and enabled when "use chroot" is off.
+
+If you disable this option on a daemon that is not read-only, there
+are tricks that a user can play with uploaded symlinks to access
+daemon-excluded items (if your module has any), and, if "use chroot"
+is off, rsync can even be tricked into showing or changing data that
+is outside the module's path (as access-permissions allow).
+
+The way rsync disables the use of symlinks is to prefix each one with
+the string "/rsyncd-munged/". This prevents the links from being used
+as long as that directory does not exist. When this option is enabled,
+rsync will refuse to run if that path is a directory or a symlink to
+a directory. When using the "munge symlinks" option in a chroot area,
+you should add this path to the exclude setting for the module so that
+a user can't try to create it.
+
+Note: rsync makes no attempt to verify that any pre-existing symlinks in
+the hierarchy are as safe as you want them to be. If you setup an rsync
+daemon on a new area or locally add symlinks, you can manually protect your
+symlinks from being abused by prefixing "/rsyncd-munged/" to the start of
+every symlink's value. There is a perl script in the support directory
+of the source code named "munge-symlinks" that can be used to add or remove
+this prefix from your symlinks.
+
+When this option is disabled on a writable module and "use chroot" is off,
+incoming symlinks will be modified to drop a leading slash and to remove ".."
+path elements that rsync believes will allow a symlink to escape the module's
+hierarchy. There are tricky ways to work around this, though, so you had
+better trust your users if you choose this combination of options.