locking on this file to ensure that the max connections limit is not
exceeded. The default is tt(/var/run/rsyncd.lock).
+dit(bf(log file)) The "log file" option tells the rsync daemon to log
+messages to that file rather than using syslog. This is particularly
+useful on systems (such as AIX) where syslog() doesn't work for
+chrooted programs.
+
+dit(bf(pid file)) The "pid file" option tells the rsync daemon to write
+its process id to that file.
+
dit(bf(syslog facility)) The "syslog facility" option allows you to
specify the syslog facility name to use when logging messages from the
rsync server. You may use any standard syslog facility name which is
local1, local2, local3, local4, local5, local6 and local7. The default
is daemon.
+dit(bf(transfer logging)) The "transfer logging" option enables per-file
+logging of downloads and uploads in a format somewhat similar to that
+used by ftp daemons. If you want to customise the log formats look at
+log_send, log_recv and log_transfer in log.c
+
+dit(bf(socket options)) This option can provide endless fun for people
+who like to tune their systems to the utmost degree. You can set all
+sorts of socket options which may make transfers faster (or
+slower!). Read the man page for the setsockopt() system call for
+details on some of the options you may be able to set. By default no
+special socket options are set.
+
enddit()
of available modules. The default is no comment.
dit(bf(path)) The "path" option specifies the directory in the servers
-filesystem to make available in this module. The rsync server will
-chroot to this path before starting the file transfer with the
-client. You must specify this option for each module in tt(/etc/rsyncd.conf).
+filesystem to make available in this module. You must specify this option
+for each module in tt(/etc/rsyncd.conf).
+
+dit(bf(use chroot)) If "use chroot" is true, the rsync server will chroot
+to the "path" before starting the file transfer with the client. This has
+the advantage of extra protection against possible implementation security
+holes, but it has the disadvantages of requiring super-user privileges and
+of not being able to follow symbolic links outside of the new root path.
+The default is to use chroot.
dit(bf(read only)) The "read only" option determines whether clients
will be able to upload files or not. If "read only" is true then any
The default is no "hosts allow" option, which means all hosts can connect.
-dit(bf(hosts allow)) The "hosts deny" option allows you to specify a
+dit(bf(hosts deny)) The "hosts deny" option allows you to specify a
list of patterns that are matched against a connecting clients
hostname and IP address. If the pattern matches then the connection is
rejected. See the "hosts allow" option for more information.
enddit()
+manpagesection(AUTHENTICATION STRENGTH)
+
+The authentication protocol used in rsync is a 128 bit MD4 based
+challenge response system. Although I believe that no one has ever
+demonstrated a brute-force break of this sort of system you should
+realise that this is not a "military strength" authentication system.
+It should be good enough for most purposes but if you want really top
+quality security then I recommend that you run rsync over ssh.
+
+Also note that the rsync server protocol does not currently provide any
+encryption of the data that is transferred over the link. Only
+authentication is provided. Use ssh as the transport if you want
+encryption.
+
+Future versions of rsync may support SSL for better authentication and
+encryption, but that is still being investigated.
+
manpagesection(EXAMPLES)
A simple rsyncd.conf file that allow anonymous rsync to a ftp area at
uid = nobody nl()
gid = nobody nl()
+use chroot = no nl()
max connections = 4 nl()
syslog facility = local5 nl()
+pid file = /etc/rsyncd.pid
verb([ftp]
path = /var/ftp/pub
Matt McCutchen's Web Site / rsync / rsync.git / blobdiff