rsyncd.conf.5

Rsync 3.0.5 source code

the transfer.  If this value is set on a per-module basis instead of
globally, the global log will still contain any authorization failures
or config-file error messages.
.IP 
If the daemon fails to open the specified file, it will fall back to
using syslog and output an error about the failure.  (Note that the
failure to open the specified log file used to be a fatal error.)
.IP 
.IP "\fBsyslog facility\fP"
This parameter allows you to
specify the syslog facility name to use when logging messages from the
rsync daemon. You may use any standard syslog facility name which is
defined on your system. Common names are auth, authpriv, cron, daemon,
ftp, kern, lpr, mail, news, security, syslog, user, uucp, local0,
local1, local2, local3, local4, local5, local6 and local7. The default
is daemon.  This setting has no effect if the \(lqlog file\(rq setting is a
non-empty string (either set in the per-modules settings, or inherited
from the global settings).
.IP 
.IP "\fBmax verbosity\fP"
This parameter allows you to control
the maximum amount of verbose information that you'll allow the daemon to
generate (since the information goes into the log file). The default is 1,
which allows the client to request one level of verbosity.
.IP 
.IP "\fBlock file\fP"
This parameter specifies the file to use to
support the \(lqmax connections\(rq parameter. The rsync daemon uses record
locking on this file to ensure that the max connections limit is not
exceeded for the modules sharing the lock file.
The default is \f(CW/var/run/rsyncd.lock\fP.
.IP 
.IP "\fBread only\fP"
This parameter determines whether clients
will be able to upload files or not. If \(lqread only\(rq is true then any
attempted uploads will fail. If \(lqread only\(rq is false then uploads will
be possible if file permissions on the daemon side allow them. The default
is for all modules to be read only.
.IP 
.IP "\fBwrite only\fP"
This parameter determines whether clients
will be able to download files or not. If \(lqwrite only\(rq is true then any
attempted downloads will fail. If \(lqwrite only\(rq is false then downloads
will be possible if file permissions on the daemon side allow them.  The
default is for this parameter to be disabled.
.IP 
.IP "\fBlist\fP"
This parameter determines if this module should be
listed when the client asks for a listing of available modules. By
setting this to false you can create hidden modules. The default is
for modules to be listable.
.IP 
.IP "\fBuid\fP"
This parameter specifies the user name or user ID that
file transfers to and from that module should take place as when the daemon
was run as root. In combination with the \(lqgid\(rq parameter this determines what
file permissions are available. The default is uid \-2, which is normally
the user \(lqnobody\(rq.
.IP 
.IP "\fBgid\fP"
This parameter specifies the group name or group ID that
file transfers to and from that module should take place as when the daemon
was run as root. This complements the \(lquid\(rq parameter. The default is gid \-2,
which is normally the group \(lqnobody\(rq.
.IP 
.IP "\fBfake super\fP"
Setting \(lqfake super = yes\(rq for a module causes the
daemon side to behave as if the \fB\-\-fake\-user\fP command-line option had
been specified.  This allows the full attributes of a file to be stored
without having to have the daemon actually running as root.
.IP 
.IP "\fBfilter\fP"
The daemon has its own filter chain that determines what files
it will let the client access.  This chain is not sent to the client and is
independent of any filters the client may have specified.  Files excluded by
the daemon filter chain (\fBdaemon-excluded\fP files) are treated as non-existent
if the client tries to pull them, are skipped with an error message if the
client tries to push them (triggering exit code 23), and are never deleted from
the module.  You can use daemon filters to prevent clients from downloading or
tampering with private administrative files, such as files you may add to
support uid/gid name translations.
.IP 
The daemon filter chain is built from the \(lqfilter\(rq, \(lqinclude from\(rq, \(lqinclude\(rq,
\(lqexclude from\(rq, and \(lqexclude\(rq parameters, in that order of priority.  Anchored
patterns are anchored at the root of the module.  To prevent access to an
entire subtree, for example, \(lq/secret\(rq, you \fImust\fP exclude everything in the
subtree; the easiest way to do this is with a triple-star pattern like
\(lq/secret/***\(rq.
.IP 
The \(lqfilter\(rq parameter takes a space-separated list of daemon filter rules,
though it is smart enough to know not to split a token at an internal space in
a rule (e.g. \(lq\- /foo  \(em /bar\(rq is parsed as two rules).  You may specify one or
more merge-file rules using the normal syntax.  Only one \(lqfilter\(rq parameter can
apply to a given module in the config file, so put all the rules you want in a
single parameter.  Note that per-directory merge-file rules do not provide as
much protection as global rules, but they can be used to make \fB\-\-delete\fP work
better during a client download operation if the per-dir merge files are
included in the transfer and the client requests that they be used.
.IP 
.IP "\fBexclude\fP"
This parameter takes a space-separated list of daemon
exclude patterns.  As with the client \fB\-\-exclude\fP option, patterns can be
qualified with \(lq\- \(rq or \(lq+ \(rq to explicitly indicate exclude/include.  Only one
\(lqexclude\(rq parameter can apply to a given module.  See the \(lqfilter\(rq parameter
for a description of how excluded files affect the daemon.
.IP 
.IP "\fBinclude\fP"
Use an \(lqinclude\(rq to override the effects of the \(lqexclude\(rq
parameter.  Only one \(lqinclude\(rq parameter can apply to a given module.  See the
\(lqfilter\(rq parameter for a description of how excluded files affect the daemon.
.IP 
.IP "\fBexclude from\fP"
This parameter specifies the name of a file
on the daemon that contains daemon exclude patterns, one per line.  Only one
\(lqexclude from\(rq parameter can apply to a given module; if you have multiple
exclude-from files, you can specify them as a merge file in the \(lqfilter\(rq
parameter.  See the \(lqfilter\(rq parameter for a description of how excluded files
affect the daemon.
.IP 
.IP "\fBinclude from\fP"
Analogue of \(lqexclude from\(rq for a file of daemon include
patterns.  Only one \(lqinclude from\(rq parameter can apply to a given module.  See
the \(lqfilter\(rq parameter for a description of how excluded files affect the
daemon.
.IP 
.IP "\fBincoming chmod\fP"
This parameter allows you to specify a set of
comma-separated chmod strings that will affect the permissions of all
incoming files (files that are being received by the daemon).  These
changes happen after all other permission calculations, and this will
even override destination-default and/or existing permissions when the
client does not specify \fB\-\-perms\fP.
See the description of the \fB\-\-chmod\fP rsync option and the \fBchmod\fP(1)
manpage for information on the format of this string.
.IP 
.IP "\fBoutgoing chmod\fP"
This parameter allows you to specify a set of
comma-separated chmod strings that will affect the permissions of all
outgoing files (files that are being sent out from the daemon).  These
changes happen first, making the sent permissions appear to be different
than those stored in the filesystem itself.  For instance, you could
disable group write permissions on the server while having it appear to
be on to the clients.
See the description of the \fB\-\-chmod\fP rsync option and the \fBchmod\fP(1)
manpage for information on the format of this string.
.IP 
.IP "\fBauth users\fP"
This parameter specifies a comma and
space-separated list of usernames that will be allowed to connect to
this module. The usernames do not need to exist on the local
system. The usernames may also contain shell wildcard characters. If
\(lqauth users\(rq is set then the client will be challenged to supply a
username and password to connect to the module. A challenge response
authentication protocol is used for this exchange. The plain text
usernames and passwords are stored in the file specified by the
\(lqsecrets file\(rq parameter. The default is for all users to be able to
connect without a password (this is called \(lqanonymous rsync\(rq).
.IP 
See also the \(lqCONNECTING TO AN RSYNC DAEMON OVER A REMOTE SHELL
PROGRAM\(rq section in \fBrsync\fP(1) for information on how handle an
rsyncd.conf\-level username that differs from the remote-shell-level
username when using a remote shell to connect to an rsync daemon.
.IP 
.IP "\fBsecrets file\fP"
This parameter specifies the name of
a file that contains the username:password pairs used for
authenticating this module. This file is only consulted if the \(lqauth
users\(rq parameter is specified. The file is line based and contains
username:password pairs separated by a single colon. Any line starting
with a hash (#) is considered a comment and is skipped. The passwords
can contain any characters but be warned that many operating systems
limit the length of passwords that can be typed at the client end, so
you may find that passwords longer than 8 characters don't work.
.IP 
There is no default for the \(lqsecrets file\(rq parameter, you must choose a name
(such as \f(CW/etc/rsyncd.secrets\fP).  The file must normally not be readable
by \(lqother\(rq; see \(lqstrict modes\(rq.
.IP 
.IP "\fBstrict modes\fP"
This parameter determines whether or not
the permissions on the secrets file will be checked.  If \(lqstrict modes\(rq is
true, then the secrets file must not be readable by any user ID other
than the one that the rsync daemon is running under.  If \(lqstrict modes\(rq is
false, the check is not performed.  The default is true.  This parameter
was added to accommodate rsync running on the Windows operating system.
.IP 
.IP "\fBhosts allow\fP"
This parameter allows you to specify a
list of patterns that are matched against a connecting clients
hostname and IP address. If none of the patterns match then the
connection is rejected.
.IP 
Each pattern can be in one of five forms:
.IP 
.RS 
.IP o 
a dotted decimal IPv4 address of the form a.b.c.d, or an IPv6 address
of the form a:b:c::d:e:f. In this case the incoming machine's IP address
must match exactly.
.IP o 
an address/mask in the form ipaddr/n where ipaddr is the IP address
and n is the number of one bits in the netmask.  All IP addresses which
match the masked IP address will be allowed in.
.IP o 
an address/mask in the form ipaddr/maskaddr where ipaddr is the
IP address and maskaddr is the netmask in dotted decimal notation for IPv4,
or similar for IPv6, e.g. ffff:ffff:ffff:ffff:: instead of /64. All IP
addresses which match the masked IP address will be allowed in.
.IP o 
a hostname. The hostname as determined by a reverse lookup will
be matched (case insensitive) against the pattern. Only an exact
match is allowed in.
.IP o 
a hostname pattern using wildcards. These are matched using the
same rules as normal unix filename matching. If the pattern matches
then the client is allowed in.
.RE

.IP 
Note IPv6 link-local addresses can have a scope in the address specification:
.IP 
.RS 
\f(CW    fe80::1%link1\fP
.br 
\f(CW    fe80::%link1/64\fP
.br 
\f(CW    fe80::%link1/ffff:ffff:ffff:ffff::\fP
.br 
.RE

.IP 
You can also combine \(lqhosts allow\(rq with a separate \(lqhosts deny\(rq
parameter. If both parameters are specified then the \(lqhosts allow\(rq parameter is
checked first and a match results in the client being able to
connect. The \(lqhosts deny\(rq parameter is then checked and a match means
that the host is rejected. If the host does not match either the
\(lqhosts allow\(rq or the \(lqhosts deny\(rq patterns then it is allowed to
connect.
.IP 
The default is no \(lqhosts allow\(rq parameter, which means all hosts can connect.
.IP 
.IP "\fBhosts deny\fP"
This parameter allows you to specify a
list of patterns that are matched against a connecting clients
hostname and IP address. If the pattern matches then the connection is
rejected. See the \(lqhosts allow\(rq parameter for more information.
.IP 
The default is no \(lqhosts deny\(rq parameter, which means all hosts can connect.
.IP 
.IP "\fBignore errors\fP"
This parameter tells rsyncd to
ignore I/O errors on the daemon when deciding whether to run the delete
phase of the transfer. Normally rsync skips the \fB\-\-delete\fP step if any
I/O errors have occurred in order to prevent disastrous deletion due
to a temporary resource shortage or other I/O error. In some cases this
test is counter productive so you can use this parameter to turn off this
behavior.
.IP 
.IP "\fBignore nonreadable\fP"
This tells the rsync daemon to completely
ignore files that are not readable by the user. This is useful for
public archives that may have some non-readable files among the
directories, and the sysadmin doesn't want those files to be seen at all.
.IP 
.IP "\fBtransfer logging\fP"
This parameter enables per-file
logging of downloads and uploads in a format somewhat similar to that
used by ftp daemons.  The daemon always logs the transfer at the end, so
if a transfer is aborted, no mention will be made in the log file.
.IP 
If you want to customize the log lines, see the \(lqlog format\(rq parameter.
.IP 
.IP "\fBlog format\fP"
This parameter allows you to specify the
format used for logging file transfers when transfer logging is enabled.
The format is a text string containing embedded single-character escape
sequences prefixed with a percent (%) character.  An optional numeric
field width may also be specified between the percent and the escape
letter (e.g. \(lq\fB%\-50n %8l %07p\fP\(rq).
.IP 
The default log format is \(lq%o %h [%a] %m (%u) %f %l\(rq, and a \(lq%t [%p] \(rq
is always prefixed when using the \(lqlog file\(rq parameter.
(A perl script that will summarize this default log format is included
in the rsync source code distribution in the \(lqsupport\(rq subdirectory:
rsyncstats.)
.IP 
The single-character escapes that are understood are as follows: