Difference between revisions of "Configure rsyncd.secrets"
From GLMWiki
(Sample rsyncd.conf file) |
|||
| Line 1: | Line 1: | ||
(View in Edit mode) | (View in Edit mode) | ||
| − | + | <--- notes | |
# A sample rsyncd.conf file usable with BackupPC. This file does not | # A sample rsyncd.conf file usable with BackupPC. This file does not | ||
# completely document all of the settings for rsyncd.conf - see the | # completely document all of the settings for rsyncd.conf - see the | ||
Revision as of 15:12, 14 September 2009
(View in Edit mode) <--- notes
- A sample rsyncd.conf file usable with BackupPC. This file does not
- completely document all of the settings for rsyncd.conf - see the
- man page that comes with the rsync ditribution for a comprehensive
- overview off all available settings.
- Allow rsync to change the root directory to the module location
- upon connection of a client. This is disabled for Win32 as we do
- not provide a full Cygwin environment.
- Warning: with a setting of "false", absolute symlinks will be
- stripped of their leading "/". See "use chroot" in the rsyncd.conf
- man page. This is relevant for machines that support symlinks
- (WinXX machines do not).
use chroot = false
- Limit the simultaneous rsync connections to 4. Changing
- this to '1' should be sufficient for BackupPC.
max connections = 1
- Uncomment this line and change the path if
- you would like to log rsync messages.
log file = c:/rsyncd/rsyncd.log
- The location of the rsync process ID file
pid file = c:/rsyncd/rsyncd.pid
- The locations of the rsync lock file
lock file = c:/rsyncd/rsyncd.lock
- This is where we define the rsyncd modules. Add as many directories or
- files are you wish. To backup this module using BackupPC, set
- $Conf{RsyncShareName} to "docs" in this client's config.pl.
[RouterConfigs] <--- UPDATE SHARE NAME
# # Exact DOS style path to the file or directory to be rsync accessible # path = c:/RouterConfigs
# # A short description of the module. This is what is printed when # using rsync to "browse" the server for what modules are available. # comment = Router Configs directory
# # Does rsyncd ensure that the secrets file is read only by the # user running the process? If this is false then no check is # performed (useful for Win32 systems). However, you can change # this to "true" and make the secrets file READ ONLY by the user # running the rysncd process. If running from the command line # or upon login, this should be the user who is logged in. If # running as a Win32 service, then the SYSTEM account should be # the only account that can read the secrets file. # strict modes = false
# # What user(s) have access to this module. The user(s) must be # defined in the secrets file. A comma or space separated list. # # Example: # auth users = backup, root, larry # auth users = backup root larry # auth users = GLM-dhosh <--- UPDATE USERNAME
# # The location of the secrets file. Permissions must be READ ONLY # for the account running the rsyncd process unless # strict modes = false is set above. # secrets file = c:/rsyncd/rsyncd.secrets <--- UPDATE PASSWORD
# # What hosts are allowed access to this module? By default, all # hosts are allowed access. If you wish to further strengthen # the security of your setup, uncomment and replace with the IP # address your BackupPC server. This is a flexible setting and # can be one of: # # a dotted decimal IP address: 172.16.0.17 # a address/mask in the form a.b.c.d/n: 172.16.0.0/24 # an address/mask in the form ipaddr/maskaddr: 172.16.0.0/255.255.255.0 # a hostname: backupserver # a hostname pattern using wildcards: backup* # hosts allow = 192.168.99.214 # cvs2 <--- Only on our LAN hosts allow = 66.129.32.58 # bs0
# # Only allow clients to READ from the server. This prevents uploads # from remote machines. If you wish to allow uploads, change this too # "true". # # WARNING: Setting this to true means that BackupPC restores via # rsyncd will fail. You most likely want to set this to "false". # read only = false
# # Don't list this module if a client asks (provides another modest # layer of security since an attacker also has to guess the module # name - you could make it obscure if you want - but remember the # module name is sent in plain text so it can be sniffed). # list = false
- Example of how to share the entire C: drive. For BackupPC "cDrive"
- is the share name (ie: the value of $Conf{RsyncShareName}).
[downloads] <---- UPDATE SHARE NAME
path = c:/RouterConfigs comment = Router Configuration Directory backup auth users = GLM-dhosh secrets file = c:/rsyncd/rsyncd.secrets hosts allow = 192.168.99.214 # CVS2 <------ only on our LAN hosts allow = 66.129.32.58 # BS0 strict modes = false read only = true list = false
</nowiki>
