On Sun, 25 Apr 2021 at 17:53, Chris Cowan via rsync
<rsync@lists.samba.org> wrote:
>
>  I’ve also been looking at several solutions that try to sandbox 
> openssh/rsync.    These include rssh (which should not be used anymore,  
> because it's Abandon-ware.  But, it is what I am most familiar with), GNU 
> rush, and daethnir/authprogs on github.    None of these seems to be able to 
> provide me the control, with rsync, when  –protect-args is used.  Unless I’m 
> mistaken, the filtering has to be done by the rsync --server --sender process 
> itself, since it's the only thing that has visibility to the filepath passed 
> in the ssh channel.

I like to use rsync in daemon mode over ssh for that type of thing, because:

* you don't need a shim, just make the ssh forced command "rsync
--server --daemon --config /path/to/some/rsyncd.conf ."
* the --daemon turns on extra server side security checks
* you always have --protect-args when in daemon mode
* you can sandbox the transfer root and other things with settings in
the rsyncd.conf

Example rsync.conf for allowing reading of /var/lib/{foo,bar} but
writes to only /var/lib/foo :


use chroot = no

[foo]
path = /var/lib/foo
read only = no

[bar]
path = /var/lib/bar
read only = yes


On the client side you use the :: syntax to specify a module in an
rsync daemon along with "-e ssh" to get daemon mode over ssh, for
example to write to /var/lib/foo/someplace you could:

 rsync -e ssh [OTHER OPTIONS] /tmp/new-foo-things ${hostname}::foo/someplace

-- 
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

Reply via email to