1rsyncd.conf(5)                                                  rsyncd.conf(5)
2
3
4

NAME

6       rsyncd.conf — configuration file for rsync in daemon mode
7

SYNOPSIS

9       rsyncd.conf
10

DESCRIPTION

12       The  rsyncd.conf  file is the runtime configuration file for rsync when
13       run as an rsync daemon.
14
15       The rsyncd.conf  file  controls  authentication,  access,  logging  and
16       available modules.
17

FILE FORMAT

19       The  file  consists of modules and parameters. A module begins with the
20       name of the module in square brackets and continues until the next mod‐
21       ule begins. Modules contain parameters of the form "name = value".
22
23       The  file is line-based -- that is, each newline-terminated line repre‐
24       sents either a comment, a module name or a parameter.
25
26       Only the first equals sign in a parameter  is  significant.  Whitespace
27       before  or  after the first equals sign is discarded. Leading, trailing
28       and internal whitespace in module and parameter  names  is  irrelevant.
29       Leading  and  trailing  whitespace  in  a parameter value is discarded.
30       Internal whitespace within a parameter value is retained verbatim.
31
32       Any line beginning with a hash (#) is ignored, as are lines  containing
33       only whitespace.
34
35       Any line ending in a \ is "continued" on the next line in the customary
36       UNIX fashion.
37
38       The values following the equals sign in parameters  are  all  either  a
39       string  (no  quotes needed) or a boolean, which may be given as yes/no,
40       0/1 or true/false. Case is not significant in boolean  values,  but  is
41       preserved in string values.
42

LAUNCHING THE RSYNC DAEMON

44       The  rsync  daemon  is  launched  by  specifying the --daemon option to
45       rsync.
46
47       The daemon must run with root privileges if you wish to use chroot,  to
48       bind  to  a port numbered under 1024 (as is the default 873), or to set
49       file ownership.  Otherwise, it must just have permission  to  read  and
50       write the appropriate data, log, and lock files.
51
52       You can launch it either via inetd, as a stand-alone daemon, or from an
53       rsync client via a remote shell.  If run as a stand-alone  daemon  then
54       just run the command "rsync --daemon" from a suitable startup script.
55
56       When run via inetd you should add a line like this to /etc/services:
57
58         rsync           873/tcp
59
60
61       and a single line something like this to /etc/inetd.conf:
62
63         rsync   stream  tcp     nowait  root   /usr/bin/rsync rsyncd --daemon
64
65
66       Replace  "/usr/bin/rsync"  with  the  path  to  where  you  have  rsync
67       installed on your system.  You will then need to send inetd a HUP  sig‐
68       nal to tell it to reread its config file.
69
70       Note that you should not send the rsync daemon a HUP signal to force it
71       to reread the rsyncd.conf file. The file is re-read on each client con‐
72       nection.
73

GLOBAL PARAMETERS

75       The  first  parameters  in  the file (before a [module] header) are the
76       global parameters.
77
78       You may also include any module parameters in the global  part  of  the
79       config  file in which case the supplied value will override the default
80       for that parameter.
81
82       motd file
83              This parameter allows you to specify a "message of the  day"  to
84              display  to  clients on each connect. This usually contains site
85              information and any legal notices. The default is no motd file.
86
87       pid file
88              This parameter tells the rsync daemon to write its process ID to
89              that  file.   If  the file already exists, the rsync daemon will
90              abort rather than overwrite the file.
91
92       port   You can override the default port the daemon will listen  on  by
93              specifying this value (defaults to 873).  This is ignored if the
94              daemon is being run by inetd, and is superseded  by  the  --port
95              command-line option.
96
97       address
98              You  can  override the default IP address the daemon will listen
99              on by specifying this value.  This is ignored if the  daemon  is
100              being  run  by  inetd,  and  is superseded by the --address com‐
101              mand-line option.
102
103       socket options
104              This parameter can provide endless fun for people  who  like  to
105              tune  their  systems to the utmost degree. You can set all sorts
106              of socket options which may make transfers faster (or  slower!).
107              Read  the  man page for the setsockopt() system call for details
108              on some of the options you may be able to  set.  By  default  no
109              special  socket  options  are  set.   These settings can also be
110              specified via the --sockopts command-line option.
111

MODULE PARAMETERS

113       After the global parameters you should define a number of modules, each
114       module  exports  a  directory  tree  as  a  symbolic  name. Modules are
115       exported by specifying a module name in square brackets  [module]  fol‐
116       lowed  by  the parameters for that module.  The module name cannot con‐
117       tain a slash or a closing square bracket.  If the name contains  white‐
118       space, each internal sequence of whitespace will be changed into a sin‐
119       gle space, while leading or trailing whitespace will be discarded.
120
121       comment
122              This parameter specifies a description string that is  displayed
123              next  to the module name when clients obtain a list of available
124              modules. The default is no comment.
125
126       path   This parameter specifies the directory in the daemon’s  filesys‐
127              tem  to  make  available  in this module.  You must specify this
128              parameter for each module in rsyncd.conf.
129
130       use chroot
131              If "use chroot" is true, the rsync daemon  will  chroot  to  the
132              "path"  before starting the file transfer with the client.  This
133              has the advantage of extra protection against possible implemen‐
134              tation security holes, but it has the disadvantages of requiring
135              super-user privileges, of not  being  able  to  follow  symbolic
136              links  that are either absolute or outside of the new root path,
137              and of complicating the preservation of users and groups by name
138              (see below).
139
140              As  an  additional  safety feature, you can specify a dot-dir in
141              the module’s "path" to  indicate  the  point  where  the  chroot
142              should  occur.   This  allows  rsync  to  run in a chroot with a
143              non-"/" path for the top of the transfer hierarchy.  Doing  this
144              guards  against unintended library loading (since those absolute
145              paths will not be inside the transfer hierarchy unless you  have
146              used  an  unwise pathname), and lets you setup libraries for the
147              chroot that are outside of the transfer.  For example,  specify‐
148              ing  "/var/rsync/./module1"  will  chroot  to  the  "/var/rsync"
149              directory and set the inside-chroot path to "/module1".  If  you
150              had  omitted  the  dot-dir, the chroot would have used the whole
151              path, and the inside-chroot path would have been "/".
152
153              When "use chroot" is false or the inside-chroot path is not "/",
154              rsync  will:  (1) munge symlinks by default for security reasons
155              (see "munge symlinks" for a way to turn this off,  but  only  if
156              you  trust  your users), (2) substitute leading slashes in abso‐
157              lute paths with the module’s  path  (so  that  options  such  as
158              --backup-dir, --compare-dest, etc. interpret an absolute path as
159              rooted in the module’s "path" dir), and (3) trim ".." path  ele‐
160              ments  from  args if rsync believes they would escape the module
161              hierarchy.  The default for "use chroot" is  true,  and  is  the
162              safer choice (especially if the module is not read-only).
163
164              When  this  parameter  is enabled, rsync will not attempt to map
165              users and groups by name (by default), but instead copy  IDs  as
166              though  --numeric-ids  had  been  specified.  In order to enable
167              name-mapping, rsync needs to be able to use the standard library
168              functions  for looking up names and IDs (i.e.  getpwuid() , get‐
169              grgid() , getpwname() , and getgrnam() ).  This means the  rsync
170              process  in the chroot hierarchy will need to have access to the
171              resources  used  by  these  library   functions   (traditionally
172              /etc/passwd  and  /etc/group,  but  perhaps  additional  dynamic
173              libraries as well).
174
175              If you copy the necessary resources  into  the  module’s  chroot
176              area,   you   should  protect  them  through  your  OS’s  normal
177              user/group or ACL settings (to prevent the rsync  module’s  user
178              from  being  able  to  change them), and then hide them from the
179              user’s view via "exclude" (see how in  the  discussion  of  that
180              parameter).  At that point it will be safe to enable the mapping
181              of users and groups by  name  using  the  "numeric  ids"  daemon
182              parameter (see below).
183
184              Note  also that you are free to setup custom user/group informa‐
185              tion in the chroot area that is different from your normal  sys‐
186              tem.   For  example,  you could abbreviate the list of users and
187              groups.
188
189       numeric ids
190              Enabling this parameter disables the mapping of users and groups
191              by name for the current daemon module.  This prevents the daemon
192              from trying to load any user/group-related files  or  libraries.
193              This  enabling  makes  the  transfer behave as if the client had
194              passed the --numeric-ids command-line option.  By default,  this
195              parameter  is  enabled  for  chroot  modules  and  disabled  for
196              non-chroot modules.
197
198              A chroot-enabled module should not have this  parameter  enabled
199              unless you’ve taken steps to ensure that the module has the nec‐
200              essary resources it needs to translate names, and that it is not
201              possible for a user to change those resources.
202
203       munge symlinks
204              This  parameter tells rsync to modify all incoming symlinks in a
205              way that makes them unusable but recoverable (see below).   This
206              should help protect your files from user trickery when your dae‐
207              mon module is writable.   The  default  is  disabled  when  "use
208              chroot" is on and the inside-chroot path is "/", otherwise it is
209              enabled.
210
211              If you disable this parameter on a daemon that is not read-only,
212              there  are tricks that a user can play with uploaded symlinks to
213              access daemon-excluded items (if your module has any),  and,  if
214              "use  chroot"  is off, rsync can even be tricked into showing or
215              changing data that is outside the module’s path (as  access-per‐
216              missions allow).
217
218              The way rsync disables the use of symlinks is to prefix each one
219              with the string "/rsyncd-munged/".  This prevents the links from
220              being  used as long as that directory does not exist.  When this
221              parameter is enabled, rsync will refuse to run if that path is a
222              directory  or  a  symlink to a directory.  When using the "munge
223              symlinks" parameter in a chroot area that has  an  inside-chroot
224              path  of  "/",  you  should add "/rsyncd-munged/" to the exclude
225              setting for the module so that a user can’t try to create it.
226
227              Note:  rsync makes no attempt to verify  that  any  pre-existing
228              symlinks  in the module’s hierarchy are as safe as you want them
229              to be (unless, of course, it just copied in  the  whole  hierar‐
230              chy).  If you setup an rsync daemon on a new area or locally add
231              symlinks, you can manually  protect  your  symlinks  from  being
232              abused by prefixing "/rsyncd-munged/" to the start of every sym‐
233              link’s value.  There is a perl script in the  support  directory
234              of  the  source  code named "munge-symlinks" that can be used to
235              add or remove this prefix from your symlinks.
236
237              When this parameter is disabled on a writable  module  and  "use
238              chroot"  is off (or the inside-chroot path is not "/"), incoming
239              symlinks will be modified to drop a leading slash and to  remove
240              ".."  path  elements that rsync believes will allow a symlink to
241              escape the module’s hierarchy.  There are tricky  ways  to  work
242              around  this,  though, so you had better trust your users if you
243              choose this combination of parameters.
244
245       charset
246              This specifies the name of the character set in which  the  mod‐
247              ule’s  filenames  are  stored.   If  the  client uses an --iconv
248              option, the daemon will use the value of the "charset" parameter
249              regardless  of  the  character  set  the client actually passed.
250              This allows the daemon to support charset conversion in a chroot
251              module  without extra files in the chroot area, and also ensures
252              that name-translation is done in a consistent  manner.   If  the
253              "charset"  parameter  is not set, the --iconv option is refused,
254              just as if "iconv" had been specified via "refuse options".
255
256              If you wish to force users to always use --iconv for a  particu‐
257              lar  module,  add  "no-iconv" to the "refuse options" parameter.
258              Keep in mind that this will restrict access to  your  module  to
259              very new rsync clients.
260
261       max connections
262              This  parameter  allows  you  to  specify  the maximum number of
263              simultaneous connections you will allow.  Any clients connecting
264              when the maximum has been reached will receive a message telling
265              them to try later.  The default is 0, which means no  limit.   A
266              negative  value  disables  the module.  See also the "lock file"
267              parameter.
268
269       log file
270              When the "log file" parameter is set to a non-empty string,  the
271              rsync daemon will log messages to the indicated file rather than
272              using syslog. This is particularly useful on  systems  (such  as
273              AIX)  where  syslog()  doesn’t  work for chrooted programs.  The
274              file is opened before chroot() is  called,  allowing  it  to  be
275              placed outside the transfer.  If this value is set on a per-mod‐
276              ule basis instead of globally, the global log will still contain
277              any authorization failures or config-file error messages.
278
279              If  the  daemon  fails  to open the specified file, it will fall
280              back to using syslog and output  an  error  about  the  failure.
281              (Note that the failure to open the specified log file used to be
282              a fatal error.)
283
284       syslog facility
285              This parameter allows you to specify the syslog facility name to
286              use when logging messages from the rsync daemon. You may use any
287              standard syslog facility name which is defined on  your  system.
288              Common  names  are auth, authpriv, cron, daemon, ftp, kern, lpr,
289              mail,  news,  security,  syslog,  user,  uucp,  local0,  local1,
290              local2,  local3,  local4, local5, local6 and local7. The default
291              is daemon.  This setting has no effect if the "log file" setting
292              is  a  non-empty string (either set in the per-modules settings,
293              or inherited from the global settings).
294
295       max verbosity
296              This parameter allows you to control the maximum amount of  ver‐
297              bose information that you’ll allow the daemon to generate (since
298              the information goes into the log file). The default is 1, which
299              allows the client to request one level of verbosity.
300
301       lock file
302              This  parameter  specifies  the  file to use to support the "max
303              connections" parameter. The rsync daemon uses record locking  on
304              this  file  to  ensure  that  the  max  connections limit is not
305              exceeded for the modules sharing the lock file.  The default  is
306              /var/run/rsyncd.lock.
307
308       read only
309              This parameter determines whether clients will be able to upload
310              files or not. If "read only" is true then any attempted  uploads
311              will fail. If "read only" is false then uploads will be possible
312              if file permissions on the daemon side allow them.  The  default
313              is for all modules to be read only.
314
315       write only
316              This  parameter determines whether clients will be able to down‐
317              load files or not. If "write only" is true  then  any  attempted
318              downloads  will  fail.  If  "write only" is false then downloads
319              will be possible if file permissions on the  daemon  side  allow
320              them.  The default is for this parameter to be disabled.
321
322       list   This  parameter  determines if this module should be listed when
323              the client asks for a listing of available modules.  By  setting
324              this  to false you can create hidden modules. The default is for
325              modules to be listable.
326
327       uid    This parameter specifies the user name  or  user  ID  that  file
328              transfers  to and from that module should take place as when the
329              daemon was run as root. In combination with the "gid"  parameter
330              this determines what file permissions are available. The default
331              is uid -2, which is normally the user "nobody".
332
333       gid    This parameter specifies the group name or group  ID  that  file
334              transfers  to and from that module should take place as when the
335              daemon was run as root. This complements  the  "uid"  parameter.
336              The default is gid -2, which is normally the group "nobody".
337
338       fake super
339              Setting  "fake  super = yes" for a module causes the daemon side
340              to behave as if the --fake-super command-line  option  had  been
341              specified.   This  allows  the  full  attributes of a file to be
342              stored without having to have the  daemon  actually  running  as
343              root.
344
345       filter The  daemon  has its own filter chain that determines what files
346              it will let the client access.  This chain is not  sent  to  the
347              client  and  is  independent  of any filters the client may have
348              specified.  Files excluded by  the  daemon  filter  chain  (dae‐
349              mon-excluded  files)  are  treated as non-existent if the client
350              tries to pull them, are skipped with an  error  message  if  the
351              client  tries  to  push  them (triggering exit code 23), and are
352              never deleted from the module.  You can use  daemon  filters  to
353              prevent  clients  from  downloading  or  tampering  with private
354              administrative files, such as  files  you  may  add  to  support
355              uid/gid name translations.
356
357              The  daemon  filter  chain  is built from the "filter", "include
358              from", "include", "exclude from", and "exclude"  parameters,  in
359              that  order  of priority.  Anchored patterns are anchored at the
360              root of the module.  To prevent access to an entire subtree, for
361              example,  "/secret", you must exclude everything in the subtree;
362              the easiest way to do this is with a  triple-star  pattern  like
363              "/secret/***".
364
365              The  "filter"  parameter  takes a space-separated list of daemon
366              filter rules, though it is smart enough to know not to  split  a
367              token  at  an internal space in a rule (e.g. "- /foo  — /bar" is
368              parsed as two rules).  You may specify one  or  more  merge-file
369              rules  using the normal syntax.  Only one "filter" parameter can
370              apply to a given module in the config file, so put all the rules
371              you  want  in  a  single  parameter.   Note  that  per-directory
372              merge-file rules do not provide as  much  protection  as  global
373              rules,  but they can be used to make --delete work better during
374              a client download operation  if  the  per-dir  merge  files  are
375              included  in  the  transfer and the client requests that they be
376              used.
377
378       exclude
379              This parameter takes a space-separated list  of  daemon  exclude
380              patterns.   As with the client --exclude option, patterns can be
381              qualified  with  "-  "  or   "+   "   to   explicitly   indicate
382              exclude/include.   Only  one  "exclude" parameter can apply to a
383              given module.  See the "filter" parameter for a  description  of
384              how excluded files affect the daemon.
385
386       include
387              Use an "include" to override the effects of the "exclude" param‐
388              eter.  Only one "include" parameter can apply to a given module.
389              See  the  "filter"  parameter  for a description of how excluded
390              files affect the daemon.
391
392       exclude from
393              This parameter specifies the name of a file on the  daemon  that
394              contains  daemon  exclude  patterns,  one  per  line.   Only one
395              "exclude from" parameter can apply to a  given  module;  if  you
396              have  multiple  exclude-from  files,  you  can specify them as a
397              merge file in the "filter" parameter.  See the "filter"  parame‐
398              ter for a description of how excluded files affect the daemon.
399
400       include from
401              Analogue  of  "exclude  from"  for a file of daemon include pat‐
402              terns.  Only one "include from" parameter can apply to  a  given
403              module.   See  the  "filter"  parameter for a description of how
404              excluded files affect the daemon.
405
406       incoming chmod
407              This parameter allows you to specify a  set  of  comma-separated
408              chmod  strings  that will affect the permissions of all incoming
409              files (files that are being  received  by  the  daemon).   These
410              changes happen after all other permission calculations, and this
411              will even override destination-default and/or  existing  permis‐
412              sions  when  the  client  does  not  specify  --perms.   See the
413              description of the --chmod rsync option and the chmod(1) manpage
414              for information on the format of this string.
415
416       outgoing chmod
417              This  parameter  allows  you to specify a set of comma-separated
418              chmod strings that will affect the permissions of  all  outgoing
419              files  (files  that  are being sent out from the daemon).  These
420              changes happen first, making the sent permissions appear  to  be
421              different  than  those  stored  in  the  filesystem itself.  For
422              instance, you could  disable  group  write  permissions  on  the
423              server  while having it appear to be on to the clients.  See the
424              description of the --chmod rsync option and the chmod(1) manpage
425              for information on the format of this string.
426
427       auth users
428              This  parameter  specifies  a  comma and space-separated list of
429              usernames that will be allowed to connect to  this  module.  The
430              usernames  do  not  need to exist on the local system. The user‐
431              names may also  contain  shell  wildcard  characters.  If  "auth
432              users"  is  set  then  the client will be challenged to supply a
433              username and password to connect  to  the  module.  A  challenge
434              response  authentication protocol is used for this exchange. The
435              plain text usernames and passwords are stored in the file speci‐
436              fied  by  the  "secrets  file" parameter. The default is for all
437              users to be able to connect without a password (this  is  called
438              "anonymous rsync").
439
440              See also the section entitled "USING RSYNC-DAEMON FEATURES VIA A
441              REMOTE SHELL CONNECTION" in rsync(1) for information on how han‐
442              dle   an   rsyncd.conf-level  username  that  differs  from  the
443              remote-shell-level username when using a remote shell to connect
444              to an rsync daemon.
445
446       secrets file
447              This  parameter  specifies  the name of a file that contains the
448              username:password pairs used  for  authenticating  this  module.
449              This  file  is  only  consulted if the "auth users" parameter is
450              specified. The file is line based and contains username:password
451              pairs separated by a single colon. Any line starting with a hash
452              (#) is considered a comment and is skipped.  The  passwords  can
453              contain any characters but be warned that many operating systems
454              limit the length of passwords that can be typed  at  the  client
455              end,  so  you  may  find that passwords longer than 8 characters
456              don’t work.
457
458              There is no default for the "secrets file" parameter,  you  must
459              choose a name (such as /etc/rsyncd.secrets).  The file must nor‐
460              mally not be readable by "other"; see "strict modes".
461
462       strict modes
463              This parameter determines whether or not the permissions on  the
464              secrets  file  will be checked.  If "strict modes" is true, then
465              the secrets file must not be readable by any user ID other  than
466              the  one  that  the  rsync  daemon is running under.  If "strict
467              modes" is false, the check is not  performed.   The  default  is
468              true.   This parameter was added to accommodate rsync running on
469              the Windows operating system.
470
471       hosts allow
472              This parameter allows you to specify a list of patterns that are
473              matched against a connecting clients hostname and IP address. If
474              none of the patterns match then the connection is rejected.
475
476              Each pattern can be in one of five forms:
477
478              o      a dotted decimal IPv4 address of the form a.b.c.d, or  an
479                     IPv6  address  of the form a:b:c::d:e:f. In this case the
480                     incoming machine’s IP address must match exactly.
481
482              o      an address/mask in the form ipaddr/n where ipaddr is  the
483                     IP  address  and  n is the number of one bits in the net‐
484                     mask.  All IP addresses which match the masked IP address
485                     will be allowed in.
486
487              o      an  address/mask in the form ipaddr/maskaddr where ipaddr
488                     is the IP address and maskaddr is the netmask  in  dotted
489                     decimal  notation  for  IPv4,  or  similar for IPv6, e.g.
490                     ffff:ffff:ffff:ffff:: instead of /64.  All  IP  addresses
491                     which match the masked IP address will be allowed in.
492
493              o      a  hostname.  The  hostname  as  determined  by a reverse
494                     lookup will be matched  (case  insensitive)  against  the
495                     pattern. Only an exact match is allowed in.
496
497              o      a  hostname  pattern  using  wildcards. These are matched
498                     using the same rules as normal unix filename matching. If
499                     the pattern matches then the client is allowed in.
500
501
502              Note  IPv6  link-local addresses can have a scope in the address
503              specification:
504
505                  fe80::1%link1
506                  fe80::%link1/64
507                  fe80::%link1/ffff:ffff:ffff:ffff::
508
509
510              You can also combine "hosts allow" with a separate "hosts  deny"
511              parameter.  If  both  parameters  are  specified then the "hosts
512              allow" parameter is checked first and a  match  results  in  the
513              client being able to connect. The "hosts deny" parameter is then
514              checked and a match means that the host is rejected. If the host
515              does not match either the "hosts allow" or the "hosts deny" pat‐
516              terns then it is allowed to connect.
517
518              The default is no "hosts allow" parameter, which means all hosts
519              can connect.
520
521       hosts deny
522              This parameter allows you to specify a list of patterns that are
523              matched against a connecting clients hostname and IP address. If
524              the  pattern  matches  then  the connection is rejected. See the
525              "hosts allow" parameter for more information.
526
527              The default is no "hosts deny" parameter, which means all  hosts
528              can connect.
529
530       ignore errors
531              This  parameter  tells rsyncd to ignore I/O errors on the daemon
532              when deciding whether to run the delete phase of  the  transfer.
533              Normally  rsync  skips  the --delete step if any I/O errors have
534              occurred in order to prevent disastrous deletion due to a tempo‐
535              rary  resource  shortage  or other I/O error. In some cases this
536              test is counter productive so you can use this parameter to turn
537              off this behavior.
538
539       ignore nonreadable
540              This  tells the rsync daemon to completely ignore files that are
541              not readable by the user. This is  useful  for  public  archives
542              that may have some non-readable files among the directories, and
543              the sysadmin doesn’t want those files to be seen at all.
544
545       transfer logging
546              This parameter enables per-file logging of downloads and uploads
547              in  a  format somewhat similar to that used by ftp daemons.  The
548              daemon always logs the transfer at the end, so if a transfer  is
549              aborted, no mention will be made in the log file.
550
551              If  you  want  to  customize the log lines, see the "log format"
552              parameter.
553
554       log format
555              This parameter allows you to specify the format used for logging
556              file  transfers when transfer logging is enabled.  The format is
557              a  text  string  containing  embedded  single-character   escape
558              sequences  prefixed  with  a percent (%) character.  An optional
559              numeric field width may also be specified  between  the  percent
560              and the escape letter (e.g. "%-50n %8l %07p").
561
562              The  default log format is "%o %h [%a] %m (%u) %f %l", and a "%t
563              [%p] " is always prefixed when using the "log  file"  parameter.
564              (A  perl  script  that will summarize this default log format is
565              included in the rsync source code distribution in the  "support"
566              subdirectory: rsyncstats.)
567
568              The single-character escapes that are understood are as follows:
569
570              o      %a the remote IP address
571
572              o      %b the number of bytes actually transferred
573
574              o      %B the permission bits of the file (e.g. rwxrwxrwt)
575
576              o      %c the total size of the block checksums received for the
577                     basis file (only when sending)
578
579              o      %f the filename (long form on sender; no trailing "/")
580
581              o      %G the gid of the file (decimal) or "DEFAULT"
582
583              o      %h the remote host name
584
585              o      %i an itemized list of what is being updated
586
587              o      %l the length of the file in bytes
588
589              o      %L the string " -> SYMLINK", " => HARDLINK", or "" (where
590                     SYMLINK or HARDLINK is a filename)
591
592              o      %m the module name
593
594              o      %M the last-modified time of the file
595
596              o      %n the filename (short form; trailing "/" on dir)
597
598              o      %o the operation, which is "send", "recv", or "del." (the
599                     latter includes the trailing period)
600
601              o      %p the process ID of this rsync session
602
603              o      %P the module path
604
605              o      %t the current date time
606
607              o      %u the authenticated username or an empty string
608
609              o      %U the uid of the file (decimal)
610
611
612              For a list of what the characters mean that are output by  "%i",
613              see the --itemize-changes option in the rsync manpage.
614
615              Note  that  some  of the logged output changes when talking with
616              older rsync versions.  For instance,  deleted  files  were  only
617              output as verbose messages prior to rsync 2.6.4.
618
619       timeout
620              This parameter allows you to override the clients choice for I/O
621              timeout for this module. Using this  parameter  you  can  ensure
622              that  rsync  won’t wait on a dead client forever. The timeout is
623              specified in seconds. A value of zero means no  timeout  and  is
624              the  default.  A  good choice for anonymous rsync daemons may be
625              600 (giving a 10 minute timeout).
626
627       refuse options
628              This parameter allows you to specify a space-separated  list  of
629              rsync  command  line  options that will be refused by your rsync
630              daemon.  You may specify the full option  name,  its  one-letter
631              abbreviation,  or  a  wild-card  string  that  matches  multiple
632              options.  For example, this would refuse --checksum (-c) and all
633              the various delete options:
634
635                  refuse options = c delete
636
637
638              The  reason  the  above  refuses  all delete options is that the
639              options imply --delete, and implied  options  are  refused  just
640              like  explicit  options.   As  an additional safety feature, the
641              refusal of "delete" also refuses  remove-source-files  when  the
642              daemon is the sender; if you want the latter without the former,
643              instead refuse "delete-*" -- that refuses all the  delete  modes
644              without affecting --remove-source-files.
645
646              When  an  option  is refused, the daemon prints an error message
647              and exits.  To prevent all compression when serving  files,  you
648              can  use  "dont  compress  =  *"  (see below) instead of "refuse
649              options = compress" to avoid returning an error to a client that
650              requests compression.
651
652       dont compress
653              This  parameter allows you to select filenames based on wildcard
654              patterns that should not be compressed when pulling  files  from
655              the  daemon (no analogous parameter exists to govern the pushing
656              of files to a daemon).  Compression is expensive in terms of CPU
657              usage,  so  it is usually good to not try to compress files that
658              won’t compress well, such as already compressed files.
659
660              The "dont compress" parameter takes a  space-separated  list  of
661              case-insensitive wildcard patterns. Any source filename matching
662              one of the patterns will not be compressed during transfer.
663
664              See the --skip-compress parameter in the  rsync(1)  manpage  for
665              the  list  of  file suffixes that are not compressed by default.
666              Specifying a value for the "dont compress" parameter changes the
667              default when the daemon is the sender.
668
669       pre-xfer exec, post-xfer exec
670              You  may  specify  a  command  to be run before and/or after the
671              transfer.  If the pre-xfer exec command fails, the  transfer  is
672              aborted before it begins.
673
674              The following environment variables will be set, though some are
675              specific to the pre-xfer or the post-xfer environment:
676
677              o      RSYNC_MODULE_NAME: The name of the module being accessed.
678
679              o      RSYNC_MODULE_PATH: The path configured for the module.
680
681              o      RSYNC_HOST_ADDR: The accessing host’s IP address.
682
683              o      RSYNC_HOST_NAME: The accessing host’s name.
684
685              o      RSYNC_USER_NAME: The accessing user’s name (empty  if  no
686                     user).
687
688              o      RSYNC_PID: A unique number for this transfer.
689
690              o      RSYNC_REQUEST: (pre-xfer only) The module/path info spec‐
691                     ified by the user (note that the user can specify  multi‐
692                     ple  source  files,  so the request can be something like
693                     "mod/path1 mod/path2", etc.).
694
695              o      RSYNC_ARG#: (pre-xfer only) The pre-request arguments are
696                     set  in  these  numbered  values.  RSYNC_ARG0  is  always
697                     "rsyncd", and the last value contains a single period.
698
699              o      RSYNC_EXIT_STATUS: (post-xfer  only)  the  server  side’s
700                     exit value.  This will be 0 for a successful run, a posi‐
701                     tive value for an error that the server generated,  or  a
702                     -1  if rsync failed to exit properly.  Note that an error
703                     that occurs on the client side  does  not  currently  get
704                     sent  to  the  server side, so this is not the final exit
705                     status for the whole transfer.
706
707              o      RSYNC_RAW_STATUS: (post-xfer only)  the  raw  exit  value
708                     from waitpid() .
709
710
711              Even  though  the  commands  can be associated with a particular
712              module, they are run using the  permissions  of  the  user  that
713              started  the  daemon  (not the module’s uid/gid setting) without
714              any chroot restrictions.
715

AUTHENTICATION STRENGTH

717       The authentication protocol used in rsync is a 128 bit MD4 based  chal‐
718       lenge  response system. This is fairly weak protection, though (with at
719       least one brute-force hash-finding algorithm publicly available), so if
720       you  want  really  top-quality  security, then I recommend that you run
721       rsync over ssh.  (Yes, a future version of rsync will switch over to  a
722       stronger hashing method.)
723
724       Also note that the rsync daemon protocol does not currently provide any
725       encryption of the data that is transferred over  the  connection.  Only
726       authentication  is  provided.  Use  ssh  as  the  transport if you want
727       encryption.
728
729       Future versions of rsync may support SSL for better authentication  and
730       encryption, but that is still being investigated.
731

EXAMPLES

733       A  simple  rsyncd.conf file that allow anonymous rsync to a ftp area at
734       /home/ftp would be:
735
736       [ftp]
737               path = /home/ftp
738               comment = ftp export area
739
740
741
742       A more sophisticated example would be:
743
744       uid = nobody
745       gid = nobody
746       use chroot = yes
747       max connections = 4
748       syslog facility = local5
749       pid file = /var/run/rsyncd.pid
750
751       [ftp]
752               path = /var/ftp/./pub
753               comment = whole ftp area (approx 6.1 GB)
754
755       [sambaftp]
756               path = /var/ftp/./pub/samba
757               comment = Samba ftp area (approx 300 MB)
758
759       [rsyncftp]
760               path = /var/ftp/./pub/rsync
761               comment = rsync ftp area (approx 6 MB)
762
763       [sambawww]
764               path = /public_html/samba
765               comment = Samba WWW pages (approx 240 MB)
766
767       [cvs]
768               path = /data/cvs
769               comment = CVS repository (requires authentication)
770               auth users = tridge, susan
771               secrets file = /etc/rsyncd.secrets
772
773
774
775       The /etc/rsyncd.secrets file would look something like this:
776
777              tridge:mypass
778              susan:herpass
779
780

FILES

782       /etc/rsyncd.conf or rsyncd.conf
783

SEE ALSO

785       rsync(1)
786

DIAGNOSTICS

BUGS

789       Please report  bugs!  The  rsync  bug  tracking  system  is  online  at
790       http://rsync.samba.org/
791

VERSION

793       This man page is current for version 3.0.8 of rsync.
794

CREDITS

796       rsync  is distributed under the GNU public license.  See the file COPY‐
797       ING for details.
798
799       The primary ftp site for rsync is ftp://rsync.samba.org/pub/rsync.
800
801       A WEB site is available at http://rsync.samba.org/
802
803       We would be delighted to hear from you if you like this program.
804
805       This program uses the zlib compression  library  written  by  Jean-loup
806       Gailly and Mark Adler.
807

THANKS

809       Thanks  to Warren Stanley for his original idea and patch for the rsync
810       daemon. Thanks to Karsten Thygesen for his many suggestions  and  docu‐
811       mentation!
812

AUTHOR

814       rsync  was  written by Andrew Tridgell and Paul Mackerras.  Many people
815       have later contributed to it.
816
817       Mailing  lists  for  support   and   development   are   available   at
818       http://lists.samba.org
819
820
821
822                                  26 Mar 2011                   rsyncd.conf(5)
Impressum