config file in which case the supplied value will override the
default for that parameter.
+You may use references to environment variables in the values of parameters.
+String parameters will have %VAR% references expanded as late as possible (when
+the string is used in the program), allowing for the use of variables that
+rsync sets at connection time, such as RSYNC_USER_NAME. Non-string parameters
+(such as true/false settings) are expanded when read from the config file. If
+a variable does not exist in the environment, or if a sequence of characters is
+not a valid reference (such as an un-paired percent sign), the raw characters
+are passed through unchanged. This helps with backward compatibility and
+safety (e.g. expanding a non-existent %VAR% to an empty string in a path could
+result in a very unsafe path). Anyone that needs to insert a literal % string
+into a value should use %%.
+
startdit()
dit(bf(motd file)) This parameter allows you to specify a
"message of the day" to display to clients on each connect. This
changed into a single space, while leading or trailing whitespace will be
discarded.
+As with GLOBAL PARAMETERS, you may use references to environment variables in
+the values of parameters. See the GLOBAL PARAMETERS section for more details.
+
startdit()
dit(bf(comment)) This parameter specifies a description string
dit(bf(path)) This parameter specifies the directory in the daemon's
filesystem to make available in this module. You must specify this parameter
-for each module in tt(rsyncd.conf).
+for each module in tt(rsyncd.conf). You may base the path's value off
+of an environment variable, even one that is set by rsync when the user
+connects. For example, this would use the authorizing user's name in the
+path:
+
+verb( path = /home/%RSYNC_USER_NAME% )
dit(bf(use chroot)) If "use chroot" is true, the rsync daemon will chroot
to the "path" before starting the file transfer with the client. This has
dit(bf(uid)) This parameter specifies the user name or user ID that
file transfers to and from that module should take place as when the daemon
was run as root. In combination with the "gid" parameter this determines what
-file permissions are available. The default is uid -2, which is normally
-the user "nobody".
-
-dit(bf(gid)) This parameter specifies the group name or group ID that
-file transfers to and from that module should take place as when the daemon
-was run as root. This complements the "uid" parameter. The default is gid -2,
-which is normally the group "nobody".
+file permissions are available. The default when run by a super-user is to
+switch to the system's "nobody" user. The default for a non-super-user is to
+not try to change the user. See also the "gid" parameter.
+
+The RSYNC_USER_NAME environment variable may be used to request that rsync run
+as the authorizing user. For example, if you want a rsync to run as the same
+user that was received for the rsync authentication, this setup is useful:
+
+verb( uid = %RSYNC_USER_NAME%
+ gid = * )
+
+dit(bf(gid)) This parameter specifies one or more group names/IDs that will be
+used when accessing the module. The first one will be the default group, and
+any extra ones be set as supplemental groups. You may also specify a "*" as
+the first gid in the list, which will be replaced by all the normal groups for
+the transfer's user (see "uid"). The default when run by a super-user is to
+switch to your OS's "nobody" (or perhaps "nogroup") group with no other
+supplementary groups. The default for a non-super-user is to not change any
+group attributes (and indeed, your OS may not allow a non-super-user to try to
+change their group settings).
dit(bf(fake super)) Setting "fake super = yes" for a module causes the
daemon side to behave as if the bf(--fake-user) command-line option had
"secrets file" parameter. The default is for all users to be able to
connect without a password (this is called "anonymous rsync").
-See also the "CONNECTING TO AN RSYNC DAEMON OVER A REMOTE SHELL
-PROGRAM" section in bf(rsync)(1) for information on how handle an
+See also the section entitled "USING RSYNC-DAEMON FEATURES VIA A REMOTE
+SHELL CONNECTION" in bf(rsync)(1) for information on how handle an
rsyncd.conf-level username that differs from the remote-shell-level
username when using a remote shell to connect to an rsync daemon.
Matt McCutchen's Web Site / rsync / rsync.git / blobdiff