diff options
author | Wayne Davison <wayne@opencoder.net> | 2021-12-26 12:29:00 -0800 |
---|---|---|
committer | Wayne Davison <wayne@opencoder.net> | 2021-12-26 12:29:00 -0800 |
commit | 72adf49ba8cb81426e2b9799fbd43c6284b013a9 (patch) | |
tree | 23dd23c64c4604fac8062fac83c3c64d36eadd0e /support/rrsync.1.md | |
parent | 73ceea6ad2af00f251a5e79a0a258f9fee97d531 (diff) | |
download | rsync-72adf49ba8cb81426e2b9799fbd43c6284b013a9.tar.gz |
rrsync improvements
- Convert rrsync to python.
- Enhance security of arg & option checking.
- Reject `-L` (`--copy-links`) by default.
- Add `-munge` and `-no-del` options.
- Tweak the logfile line format.
- Created an rrsync man page.
- Use `configure --with-rrsync` if you want `make install` to install
rrsync and its man page.
- Give lsh more rrsync testing support.
Diffstat (limited to 'support/rrsync.1.md')
-rw-r--r-- | support/rrsync.1.md | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/support/rrsync.1.md b/support/rrsync.1.md new file mode 100644 index 00000000..b945ecf0 --- /dev/null +++ b/support/rrsync.1.md @@ -0,0 +1,89 @@ +# NAME + +rrsync - a script to setup restricted rsync users via ssh logins + +# SYNOPSIS + +``` +rrsync [-ro|-rw] [-munge] [-no-del] DIR +``` + +# DESCRIPTION + +A user's ssh login can be restricted to only allow the running of an rsync +transfer in one of two easy ways: forcing the running of the rrsync script +or forcing the running of an rsync daemon-over-ssh command. + +To use the rrsync script, add a prefix like one of the following (followed by a +space) in front of each ssh-key line in the user's `~/.ssh/authorized_keys` +file that should be restricted: + +> ``` +> command="rrsync DIR" +> command="rrsync -ro DIR" +> command="rrsync -munge -no-del DIR" +> ``` + +Then, ensure that the rrsync script has your desired option restrictions. You +may want to copy the script to a local bin dir with a unique name if you want +to have multiple configurations. One or more rrsync options can be specified +prior to the `DIR` if you want to further restrict the transfer. + +To use an rsync daemon setup, add one of the following prefixes (followed by a +space) in front of each ssh-key line in the user's `~/.ssh/authorized_keys` +file that should be restricted: + +> ``` +> command="rsync --server --daemon ." +> command="rsync --server --daemon --config=/PATH/TO/rsyncd.conf ." +> ``` + +Then, ensure that the rsyncd.conf file is created with one or more module names +with the appropriate path and option restrictions. If the `--config` option is +omitted, it defaults to `~/rsyncd.conf`. See the `rsyncd.conf` man page for +details of how to configure an rsync daemon. + +The remainder of this man page is dedicated to using the rrsync script. + +# OPTION SUMMARY + +``` +-ro Allow only reading from the DIR. Implies -no-del. +-wo Allow only writing to the DIR. +-no-del Disable rsync's --delete* and --remove* options. +-munge Enable rsync's --munge-links on the server side. +-help, -h Output this help message and exit. +``` + +A single non-option argument specifies the restricted DIR to use. It can be +relative to the user's home directory or an absolute path. + +# SECURITY RESTRICTIONS + +The rrsync script validates the path arguments it is sent to try to restrict +them to staying within the specified DIR. + +The rrsync script rejects rsync's `--copy-links`` option (by default) so that a +copy cannot dereference a symlink within the DIR to get to a file outside the +DIR. + +The rrsync script rejects rsync's `--protect-args` (`-s`) option because it +would allow options to be sent to the server-side that the script could not +check. If you want to support `--protect-args`, use a daemon-over-ssh setup. + +The rrsync script accepts just a subset of rsync's options that the real rsync +uses when running the server command. A few extra convenience options are also +included to help it to interact with BackupPC and accept some convenient user +overrides. + +The script (or a copy of it) can be manually edited if you want it to customize +the option handling. + +# EXAMPLES + +The `.ssh/authorized_keys` file might have lines in it like this: + +> ``` +> command="rrsync client/logs" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzG... +> command="rrsync -ro results" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAmk... +> ``` |