if (do_stat(fname, &st) == -1) {
rprintf(FERROR,"stat(%s) : %s\n", fname, strerror(errno));
ok = 0;
- } else if ((st.st_mode & 06) != 0) {
- rprintf(FERROR,"secrets file must not be other-accessible\n");
- ok = 0;
- } else if (am_root && (st.st_uid != 0)) {
- rprintf(FERROR,"secrets file must be owned by root when running as root\n");
- ok = 0;
+ } else if (lp_strict_modes(module)) {
+ if ((st.st_mode & 06) != 0) {
+ rprintf(FERROR,"secrets file must not be other-accessible (see strict modes option)\n");
+ ok = 0;
+ } else if (am_root && (st.st_uid != 0)) {
+ rprintf(FERROR,"secrets file must be owned by root when running as root (see strict modes)\n");
+ ok = 0;
+ }
}
if (!ok) {
rprintf(FERROR,"continuing without secrets file\n");
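Review bot: The mode test that moves under `lp_strict_modes(module)`, `(st.st_mode & 06) != 0`, inspects only the "other" read and write bits, so a group-readable secrets file still passes, and ownership is compared only when `am_root` is set. The rsyncd.conf text added in this commit promises more, namely that the file is not readable by any user id other than the one the daemon runs under. Either tighten the test to cover the group bits as well, e.g. `if ((st.st_mode & 066) != 0) {`, or reword the manual to describe what is actually checked. When "strict modes" is false both checks are skipped silently, so a short comment such as `/* strict modes = false: permission and ownership checks on the secrets file are skipped */` on the new branch would make that trade-off visible to the next reader. The enclosing function begins and ends outside this hunk.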
char *hosts_deny;
char *auth_users;
char *secrets_file;
+ BOOL strict_modes;
char *exclude;
char *exclude_from;
char *include;
NULL, /* hosts deny */
NULL, /* auth users */
NULL, /* secrets file */
+ True, /* strict modes */
NULL, /* exclude */
NULL, /* exclude from */
NULL, /* include */
{"hosts deny", P_STRING, P_LOCAL, &sDefault.hosts_deny, NULL, 0},
{"auth users", P_STRING, P_LOCAL, &sDefault.auth_users, NULL, 0},
{"secrets file", P_STRING, P_LOCAL, &sDefault.secrets_file,NULL, 0},
+ {"strict modes", P_BOOL, P_LOCAL, &sDefault.strict_modes,NULL, 0},
{"exclude", P_STRING, P_LOCAL, &sDefault.exclude, NULL, 0},
{"exclude from", P_STRING, P_LOCAL, &sDefault.exclude_from,NULL, 0},
{"include", P_STRING, P_LOCAL, &sDefault.include, NULL, 0},
FN_LOCAL_STRING(lp_hosts_deny, hosts_deny)
FN_LOCAL_STRING(lp_auth_users, auth_users)
FN_LOCAL_STRING(lp_secrets_file, secrets_file)
+FN_LOCAL_BOOL(lp_strict_modes, strict_modes)
FN_LOCAL_STRING(lp_exclude, exclude)
FN_LOCAL_STRING(lp_exclude_from, exclude_from)
FN_LOCAL_STRING(lp_include, include)
mailto(rsync-bugs@samba.org)
-manpage(rsyncd.conf)(5)(21 Jan 1999)()()
+manpage(rsyncd.conf)(5)(9 Feb 1999)()()
manpagename(rsyncd.conf)(configuration file for rsync server)
manpagesynopsis()
limit the length of passwords that can be typed at the client end, so
you may find that passwords longer than 8 characters don't work.
-bf(You should make sure that the secrets file is not readable by anyone
-other than the system administrator.) There is no default for the
-"secrets file" option, you must choose a name (such as
-tt(/etc/rsyncd.secrets)).
+There is no default for the "secrets file" option, you must choose a name
+(such as tt(/etc/rsyncd.secrets)).
+
+dit(bf(strict modes)) The "strict modes" option determines whether or not
+the permissions on the secrets file will be checked. If "strict modes" is
+true, then the secrets file must not be readable by any user id other
+than the one that the rsync daemon is running under. If "strict modes" is
+false, the check is not performed. The default is true. This option
+was added to accommodate rsync running on the Windows operating system.
dit(bf(hosts allow)) The "hosts allow" option allows you to specify a
list of patterns that are matched against a connecting clients