On Tue, 11 Feb 2020 at 01:36, raf via rsync <rsync@lists.samba.org> wrote:
> rrysnc > sshdo - controls which commands may be executed via incoming ssh > authprogs - SSH Command Authenticator Those work for command line argument restrictions, but I like daemon mode for restriction. It's a way to tell rsync directly "we do not trust the client, don't let it out of this directory". It turns on stricter checks on file paths that make it harder to escape the restricted directory, and you get --munge-links automatically where it's necessary to prevent issues such as https://bugzilla.samba.org/show_bug.cgi?id=11879 Enforcing a restriction by filtering command line options and arguments seems a bit fragile in comparison. > allowed options = verbose archive > > and the presence of "allowed options" in rsyncd.conf causes > all other options (not present in that or any other "allowed > options" directive) to be disallowed. Just a thought. That would work, although it would mean a larger patch. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
