I don't know ssh well enough to know whether it passes parameters besides
the ones specified in authorized_keys. I think it passes parameters,
though, because rsync over ssh is the basis of the IBM Content Promotion
Tool (along with DCE/DFS), and it is TIGHTLY controlled. It couldn't work
if parameters like "--server -lWHogDtprRz --bwlimit=128 --force .
/wan/pri-tools1/big1/cadappl1/hpux/iclibs/CMOS12/PcCMOS12xcorelib" (an
example from currently running stuff on one of my systems)can't be passed.
You don't want to try to preparse the args. They will change in the
future.
command='/path/to/rsync'.
Tim Conway
[EMAIL PROTECTED]
303.682.4917
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM
perl -e 'print pack(nnnnnnnnnnnn,
19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970),
".\n" '
"There are some who call me.... Tim?"
Bennett Todd <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
05/23/2002 06:57 AM
To: "Brian D. Hamm" <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
(bcc: Tim Conway/LMT/SC/PHILIPS)
Subject: Re: restricting rsync over ssh
Classification:
On Wed, May 22, 2002 at 10:01:27PM -0400, Brian D. Hamm wrote:
> The --server --sender options left me a little confused. I understand
> what they stand for but these options are not in the help and they don't
> appear to be variables.
Yes indeed, as I tried to indicate, rsync has a private protocol, based on
the
use of undocumented cmdline options, for talking to itself in various
settings.
I believe it's pretty near obligatory to presume that such a private
protocol
is kept undocumented so as to reserve the right to the rsync developers to
change it without notice in future versions; that's why I cautioned that
doing
this sort of restriction puts you in the position of perhaps having to
revisit
it when another release comes around, and having to do some guesswork if
you
want a wrapper to parse the cmdline to provide restricted flexibility in
permitted invocations.
What say, rsync developers, any chance that the details of this cmdline
invocation --- the one rsync runs over rsh or ssh or whatever to establish
it's connection --- could be formally documented? Combined with such
tricks as
the authorized_keys command="..." plus SSH_ORIGINAL_COMMAND this would
provide
us a documented way to provide fine-grained restrictions over what is
allowed.
I really like doing this; e.g. I've set up backup facilities where the
server
that's being backed up can _only_ update its own mirror area, and the
history
of previous contents (as well as everything else on the system) are
inaccessible to it.
-Bennett
--
To unsubscribe or change options:
http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
--
To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
