X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/37439b36e72a2fbd7999e40f243781ae0b463db3..f5b14759fbebac1d1e332db7c10f2b8aff710d41:/rsyncd.conf.yo diff --git a/rsyncd.conf.yo b/rsyncd.conf.yo index 7ef31cb5..448b45e6 100644 --- a/rsyncd.conf.yo +++ b/rsyncd.conf.yo @@ -163,7 +163,7 @@ specified. Note that you are free to setup user/group information in the chroot area differently from your normal system. For example, you could abbreviate the list of users and groups. Also, you can protect this information from -being downloaded/uploaded by adding an exclude rule to the rsync.conf file +being downloaded/uploaded by adding an exclude rule to the rsyncd.conf file (e.g. "exclude = /etc/**"). Note that having the exclusion affect uploads is a relatively new feature in rsync, so make sure your daemon is at least 2.6.3 to effect this. Also note that it is safest to exclude a @@ -269,7 +269,7 @@ system. The usernames may also contain shell wildcard characters. If "auth users" is set then the client will be challenged to supply a username and password to connect to the module. A challenge response authentication protocol is used for this exchange. The plain text -usernames are passwords are stored in the file specified by the +usernames and passwords are stored in the file specified by the "secrets file" option. The default is for all users to be able to connect without a password (this is called "anonymous rsync"). @@ -470,6 +470,9 @@ quote(itemize( it() bf(RSYNC_REQUEST): (pre-xfer only) The module/path info specified by the user (note that the user can specify multiple source files, so the request can be something like "mod/path1 mod/path2", etc.). + it() bf(RSYNC_ARG#): (pre-xfer only) The pre-request arguments are set + in these numbered values. RSYNC_ARG0 is always "rsyncd", and the last + value contains a single period. it() bf(RSYNC_EXIT_STATUS): (post-xfer only) rsync's exit value. This will be 0 for a successful run, a positive value for an error that rsync returned (e.g. 23=partial xfer), or a -1 if rsync failed to exit properly. @@ -485,11 +488,11 @@ enddit() manpagesection(AUTHENTICATION STRENGTH) The authentication protocol used in rsync is a 128 bit MD4 based -challenge response system. Although I believe that no one has ever -demonstrated a brute-force break of this sort of system you should -realize that this is not a "military strength" authentication system. -It should be good enough for most purposes but if you want really top -quality security then I recommend that you run rsync over ssh. +challenge response system. This is fairly weak protection, though (with +at least one brute-force hash-finding algorithm publicly available), so +if you want really top-quality security, then I recommend that you run +rsync over ssh. (Yes, a future version of rsync will switch over to a +stronger hashing method.) Also note that the rsync daemon protocol does not currently provide any encryption of the data that is transferred over the connection. Only