On Tue, Feb 13, 2001 at 12:11:17PM -0500, Wrieth, Henry wrote:
> Dave, Thanks for your comments. Unfortunately, rsh is not an option, thus
> my desire for --execute. Rsh is not allowed through my firewalls into the
> dmz's where many of my targets live. A dist daemon in the dmz, reachable by
> internal distribution hubs only, is acceptable. If rsync can not handle the
> -execute channel, I will have to build another service on another port
> instead of using the existing rsync connection. OpenDeploy is the only
> other tool I know of which offers this feature.
>
> Judging by the response, I guess there is not much interest in building
> --execute or maintaining it in the rsync daemon.
I still think a simple and general mechanism to execute a command from an
rsyncd.conf makes sense, but I don't think it's a good idea to greatly
expand the authentication mechanisms in the rsync daemon. In general I
think the rsync daemon was designed to be a read-only server with a small
amount of support for uploading, and if complex uploading and authentication
is needed then there are other tools that can still carry the rsync protocol.
Remember, though, that this is just my opinion and I'm not the official
maintainer anymore. It's really up to Andrew Tridgell and Martin Pool to
decide.
SSH (specifically OpenSSH) is still probably your best bet, and keep in
mind that you can run it on a non-standard port if that helps; if you've
got enough cooperation with your firewall people and system administrators
to run an rsync daemon you should be able to run your own SSH instance just
as easily.
- Dave Dykstra
