diff options
| author | Wayne Davison <wayne@opencoder.net> | 2022-01-16 08:56:51 -0800 |
|---|---|---|
| committer | Wayne Davison <wayne@opencoder.net> | 2022-01-16 10:47:36 -0800 |
| commit | d07272d631733508da58ecdca2f458f4b0736bbf (patch) | |
| tree | bc4037f027390e7dea8b8f65468dcd4012ef282d /support/rrsync.1.md | |
| parent | e2a011d9d0c2c484402a29a0d060a5fad4717f81 (diff) | |
| download | rsync-d07272d631733508da58ecdca2f458f4b0736bbf.tar.gz | |
More man page and NEWS improvements.
- Add link targets for all option choices, not just the first one.
- Tweak cross-link arg format.
- Add more links, including some in the latest NEWS.
- Split out a few numbered lists.
Diffstat (limited to 'support/rrsync.1.md')
| -rw-r--r-- | support/rrsync.1.md | 63 |
1 files changed, 39 insertions, 24 deletions
diff --git a/support/rrsync.1.md b/support/rrsync.1.md index 9ab09d7a..54980db0 100644 --- a/support/rrsync.1.md +++ b/support/rrsync.1.md @@ -8,6 +8,9 @@ rrsync - a script to setup restricted rsync users via ssh logins rrsync [-ro|-rw] [-munge] [-no-del] [-no-lock] DIR ``` +The single non-option argument specifies the restricted _DIR_ to use. It can be +relative to the user's home directory or an absolute path. + The online version of this man page (that includes cross-linking of topics) is available at <https://download.samba.org/pub/rsync/rrsync.1>. @@ -30,7 +33,7 @@ ssh-key line that should be restricted: Then, ensure that the rrsync script has your desired option restrictions. You may want to copy the script to a local bin dir with a unique name if you want to have multiple configurations. One or more rrsync options can be specified -prior to the `DIR` if you want to further restrict the transfer. +prior to the _DIR_ if you want to further restrict the transfer. To use an rsync daemon setup, edit the user's `~/.ssh/authorized_keys` file and add a prefix like one of the following (followed by a space) in front of each @@ -43,9 +46,8 @@ ssh-key line that should be restricted: Then, ensure that the rsyncd.conf file is created with one or more module names with the appropriate path and option restrictions. If rsync's -[`--config`](./rsync.1#daemon-opt--config) option is omitted, it defaults to -`~/rsyncd.conf`. See the `rsyncd.conf` man page for details of how to -configure an rsync daemon. +[`--config`](rsync.1#dopt) option is omitted, it defaults to `~/rsyncd.conf`. +See the `rsyncd.conf` man page for details of how to configure an rsync daemon. When using rrsync, there can be just one restricted dir per authorized key. A daemon setup, on the other hand, allows multiple module names inside the config @@ -53,33 +55,46 @@ file, each one with its own path setting. The remainder of this man page is dedicated to using the rrsync script. -## OPTION SUMMARY +## OPTIONS -``` --ro Allow only reading from the DIR. Implies -no-del and -no-lock. --wo Allow only writing to the DIR. --munge Enable rsync's --munge-links on the server side. --no-del Disable rsync's --delete* and --remove* options. --no-lock Avoid the single-run (per-user) lock check. --help, -h Output this help message and exit. -``` +0. `-ro` -A single non-option argument specifies the restricted DIR to use. It can be -relative to the user's home directory or an absolute path. + Allow only reading from the DIR. Implies [`-no-del`](#opt) and + [`-no-lock`](#opt). + +0. `-wo` + + Allow only writing to the DIR. + +0. `-munge` + + Enable rsync's [`--munge-links`](rsync.1#opt) on the server side. + +0. `-no-del` + + Disable rsync's `--delete*` and `--remove*` options. + +0. `-no-lock` + + Avoid the single-run (per-user) lock check. Useful with [`-munge`](#opt). + +0. `-help`, `-h` + + Output this help message and exit. ## SECURITY RESTRICTIONS The rrsync script validates the path arguments it is sent to try to restrict them to staying within the specified DIR. -The rrsync script rejects rsync's [`--copy-links`](./rsync.1#opt--copy-links) -option (by default) so that a copy cannot dereference a symlink within the DIR -to get to a file outside the DIR. +The rrsync script rejects rsync's [`--copy-links`](rsync.1#opt) option (by +default) so that a copy cannot dereference a symlink within the DIR to get to a +file outside the DIR. -The rrsync script rejects rsync's -[`--protect-args`](./rsync.1#opt--protect-args) (`-s`) option because it would -allow options to be sent to the server-side that the script cannot check. If -you want to support `--protect-args`, use a daemon-over-ssh setup. +The rrsync script rejects rsync's [`--protect-args`](rsync.1#opt) (`-s`) option +because it would allow options to be sent to the server-side that the script +cannot check. If you want to support `--protect-args`, use a daemon-over-ssh +setup. The rrsync script accepts just a subset of rsync's options that the real rsync uses when running the server command. A few extra convenience options are also @@ -104,7 +119,7 @@ The `~/.ssh/authorized_keys` file might have lines in it like this: ## SEE ALSO -[**rsync**(1)](./rsync.1) +[**rsync**(1)](rsync.1) ## VERSION @@ -113,7 +128,7 @@ This man page is current for version @VERSION@ of rsync. ## CREDITS rsync is distributed under the GNU General Public License. See the file -[COPYING](./COPYING) for details. +[COPYING](COPYING) for details. An rsync web site is available at <https://rsync.samba.org/> and its github project is <https://github.com/WayneD/rsync>. |