local1, local2, local3, local4, local5, local6 and local7. The default
is daemon.
+dit(bf(socket options)) This option can provide endless fun for people
+who like to tune their systems to the utmost degree. You can set all
+sorts of socket options which may make transfers faster (or
+slower!). Read the man page for the setsockopt() system call for
+details on some of the options you may be able to set. By default no
+special socket options are set.
+
enddit()
file transfers to and from that module should take place as. This
complements the "uid" option. The default is the group "nobody".
+dit(bf(exclude)) The "exclude" option allows you to specify a space
+separated list of patterns to add to the exclude list. This is
+equivalent to the client specifying these patterns with the --exclude
+option. Note that this option is not designed with strong security in
+mind, it is quite possible that a client may find a way to bypass this
+exclude list. If you want to absolutely ensure that certain files
+cannot be accessed then use the uid/gid options in combination with
+file permissions.
+
+dit(bf(exclude from)) The "exclude from" option specifies a filename
+on the server that contains exclude patterns, one per line. This is
+equivalent to the client specifying the --exclude-from option with a
+equivalent file. See also the note about security for the exclude
+option above.
+
dit(bf(auth users)) The "auth users" option specifies a comma
and space separated list of usernames that will be allowed to connect
to this module. The usernames do not need to exist on the local
The default is no "hosts allow" option, which means all hosts can connect.
-dit(bf(hosts allow)) The "hosts deny" option allows you to specify a
+dit(bf(hosts deny)) The "hosts deny" option allows you to specify a
list of patterns that are matched against a connecting clients
hostname and IP address. If the pattern matches then the connection is
rejected. See the "hosts allow" option for more information.
enddit()
+manpagesection(AUTHENTICATION STRENGTH)
+
+The authentication protocol used in rsync is a 128 bit MD4 based
+challenge response system. Although I believe that no one has ever
+demonstrated a brute-force break of this sort of system you should
+realise that this is not a "military strength" authentication system.
+It should be good enough for most purposes but if you want really top
+quality security then I recommend that you run rsync over ssh.
+
+Also note that the rsync server protocol does not currently provide any
+encryption of the data that is transferred over the link. Only
+authentication is provided. Use ssh as the transport if you want
+encryption.
+
+Future versions of rsync may support SSL for better authentication and
+encryption, but that is still being investigated.
+
manpagesection(EXAMPLES)
A simple rsyncd.conf file that allow anonymous rsync to a ftp area at
Matt McCutchen's Web Site / rsync / rsync.git / blobdiff