summaryrefslogtreecommitdiff
path: root/rsyncd.conf.yo
diff options
context:
space:
mode:
authorWayne Davison <wayned@samba.org>2006-10-12 03:01:18 +0000
committerWayne Davison <wayned@samba.org>2006-10-12 03:01:18 +0000
commit1a7f3d99c5d4bcb5f38e2143bfb99fdf571fab69 (patch)
tree0e4b92d9e082ac6d48fe383e4a9179ab2ea4dc7e /rsyncd.conf.yo
parente80876700c49d5465df9e4b7c3e2f985eb137b8d (diff)
downloadrsync-1a7f3d99c5d4bcb5f38e2143bfb99fdf571fab69.tar.gz
rsync-1a7f3d99c5d4bcb5f38e2143bfb99fdf571fab69.tar.bz2
rsync-1a7f3d99c5d4bcb5f38e2143bfb99fdf571fab69.zip
Removed the changes in symlink handling in non-chroot daemon mode as
they were not yet safe (I'll consider similar changes for the next release).
Diffstat (limited to 'rsyncd.conf.yo')
-rw-r--r--rsyncd.conf.yo26
1 files changed, 8 insertions, 18 deletions
diff --git a/rsyncd.conf.yo b/rsyncd.conf.yo
index f6075d08..c174654a 100644
--- a/rsyncd.conf.yo
+++ b/rsyncd.conf.yo
@@ -126,12 +126,14 @@ for each module in tt(rsyncd.conf).
dit(bf(use chroot)) If "use chroot" is true, the rsync daemon will chroot
to the "path" before starting the file transfer with the client. This has
the advantage of extra protection against possible implementation security
-holes, but it has the disadvantages of requiring super-user privileges
-and of complicating the preservation of usernames and groups
-(see below). When "use chroot" is false, rsync takes extra steps to
-manually process symlinks in an attempt to make them behave the same
-way as when "use chroot" is true (this behavior is new for version
-2.6.9).
+holes, but it has the disadvantages of requiring super-user privileges,
+of not being able to follow symbolic links that are either absolute or outside
+of the new root path, and of complicating the preservation of usernames and groups
+(see below). When "use chroot" is false, for security reasons,
+symlinks may only be relative paths pointing to other files within the root
+path, and leading slashes are removed from most absolute paths (options
+such as bf(--backup-dir), bf(--compare-dest), etc. interpret an absolute path as
+rooted in the module's "path" dir, just as if chroot was specified).
The default for "use chroot" is true.
In order to preserve usernames and groupnames, rsync needs to be able to
@@ -162,18 +164,6 @@ Any clients connecting when the maximum has been reached will receive a
message telling them to try later. The default is 0 which means no limit.
See also the "lock file" option.
-dit(bf(munge symlinks)) The "munge symlinks" option tells rsync to not
-allow absolute symlinks (any leading slashes are stripped) and to trim
-parent-dir references ("../") if they attempt to move beyond the root of
-the transfer. Use this option if you need to ensure that other processes
-(besides a daemon rsync) don't ever see a module-created symlink that can
-point outside the module, or perhaps if you value safety over preserving
-symlink data.
-
-Prior to rsync 2.6.9, symlink munging was always enabled when "use chroot"
-was off, and always disabled when it was on. Starting with 2.6.9, this
-symlink-munging is totally controlled by the setting of this option.
-
dit(bf(log file)) When the "log file" option is set to a non-empty
string, the rsync daemon will log messages to the indicated file rather
than using syslog. This is particularly useful on systems (such as AIX)