X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/fca9a9b0f044a9ef93cea27dadc01ecd56d1274c..066696644f8fa36f5ca3be116d015ded400266de:/rsyncd.conf.yo diff --git a/rsyncd.conf.yo b/rsyncd.conf.yo index 8f8177fb..26996b2d 100644 --- a/rsyncd.conf.yo +++ b/rsyncd.conf.yo @@ -68,7 +68,7 @@ your system. You will then need to send inetd a HUP signal to tell it to reread its config file. Note that you should not send the rsync server a HUP signal to force -it to reread the tt(/etc/rsyncd.conf). The file is re-read on each client +it to reread the tt(rsyncd.conf) file. The file is re-read on each client connection. manpagesection(GLOBAL OPTIONS) @@ -127,7 +127,7 @@ of available modules. The default is no comment. dit(bf(path)) The "path" option specifies the directory in the servers filesystem to make available in this module. You must specify this option -for each module in tt(/etc/rsyncd.conf). +for each module in tt(rsyncd.conf). dit(bf(use chroot)) If "use chroot" is true, the rsync server will chroot to the "path" before starting the file transfer with the client. This has @@ -222,6 +222,11 @@ usernames are passwords are stored in the file specified by the "secrets file" option. The default is for all users to be able to connect without a password (this is called "anonymous rsync"). +See also the bf(CONNECTING TO AN RSYNC SERVER OVER A REMOTE SHELL +PROGRAM) section in rsync(1) for information on how handle an +rsyncd.conf-level username that differs from the remote-shell-level +username when using a remote shell to connect to a rsync server. + dit(bf(secrets file)) The "secrets file" option specifies the name of a file that contains the username:password pairs used for authenticating this module. This file is only consulted if the "auth @@ -251,16 +256,18 @@ connection is rejected. Each pattern can be in one of five forms: itemize( - it() a dotted decimal IP address. In this case the incoming machines - IP address must match exactly. + it() a dotted decimal IPv4 address of the form a.b.c.d, or an IPv6 address + of the form a:b:c::d:e:f. In this case the incoming machine's IP address + must match exactly. - it() a address/mask in the form a.b.c.d/n were n is the number of - one bits in in the netmask. All IP addresses which match the masked - IP address will be allowed in. + it() an address/mask in the form ipaddr/n where ipaddr is the IP address + and n is the number of one bits in the netmask. All IP addresses which + match the masked IP address will be allowed in. - it() a address/mask in the form a.b.c.d/e.f.g.h where e.f.g.h is a - netmask in dotted decimal notation. All IP addresses which match the masked - IP address will be allowed in. + it() an address/mask in the form ipaddr/maskaddr where ipaddr is the + IP address and maskaddr is the netmask in dotted decimal notation for IPv4, + or similar for IPv6, e.g. ffff:ffff:ffff:ffff:: instead of /64. All IP + addresses which match the masked IP address will be allowed in. it() a hostname. The hostname as determined by a reverse lookup will be matched (case insensitive) against the pattern. Only an exact @@ -271,6 +278,12 @@ itemize( then the client is allowed in. ) +Note IPv6 link-local addresses can have a scope in the address specification: + +quote(fe80::1%link1) +quote(fe80::%link1/64) +quote(fe80::%link1/ffff:ffff:ffff:ffff::) + You can also combine "hosts allow" with a separate "hosts deny" option. If both options are specified then the "hosts allow" option s checked first and a match results in the client being able to @@ -433,7 +446,7 @@ susan:herpass manpagefiles() -/etc/rsyncd.conf +/etc/rsyncd.conf or rsyncd.conf manpageseealso()