upstream/oracle/userland-gate: comparison components/rsync/patches/rsyncd.conf.5.patch

equal deleted inserted replaced

-:464763778976
+:3940bc347ca8
-*** rsync-3.0.6/rsyncd.conf.5	Fri May  8 10:41:20 2009
+--- rsync-3.0.8/rsyncd.conf.5.~1~	Sat Mar 26 14:37:52 2011
---- rsync-3.0.8/rsyncd.conf.5	Sat Mar 26 14:37:52 2011
++++ rsync-3.0.8/rsyncd.conf.5	Mon Jun 13 22:07:54 2011
-***************
+@@ -1,4 +1,4 @@
-*** 1,4 ****
+-.TH "rsyncd.conf" "5" "26 Mar 2011" "" ""
-! .TH "rsyncd.conf" "5" "8 May 2009" "" ""
++.TH "rsyncd.conf" "5" "8 May 2009" "" ""
 .SH "NAME"
 rsyncd.conf \(em configuration file for rsync in daemon mode
 .SH "SYNOPSIS"
---- 1,4 ----
+@@ -20,9 +20,9 @@
-! .TH "rsyncd.conf" "5" "26 Mar 2011" "" ""
+.PP
-.SH "NAME"
+The file consists of modules and parameters. A module begins with the
-rsyncd.conf \(em configuration file for rsync in daemon mode
+name of the module in square brackets and continues until the next
-.SH "SYNOPSIS"
+-module begins. Modules contain parameters of the form \(dq\&name = value\(dq\&.
-***************
++module begins. Modules contain parameters of the form \(lqname = value\(rq.
-*** 20,28 ****
+.PP
-.PP
+-The file is line\-based \-\- that is, each newline\-terminated line represents
-The file consists of modules and parameters. A module begins with the
++The file is line-based \(em that is, each newline-terminated line represents
-name of the module in square brackets and continues until the next
+either a comment, a module name or a parameter.
-! module begins. Modules contain parameters of the form \(lqname = value\(rq.
+.PP
-.PP
+Only the first equals sign in a parameter is significant. Whitespace before
-! The file is line-based \(em that is, each newline-terminated line represents
+@@ -34,7 +34,7 @@
-either a comment, a module name or a parameter.
+Any line beginning with a hash (#) is ignored, as are lines containing
-.PP
+only whitespace.
-Only the first equals sign in a parameter is significant. Whitespace before
+.PP
---- 20,28 ----
+-Any line ending in a \e is \(dq\&continued\(dq\& on the next line in the
-.PP
++Any line ending in a \e is \(lqcontinued\(rq on the next line in the
-The file consists of modules and parameters. A module begins with the
+customary UNIX fashion.
-name of the module in square brackets and continues until the next
+.PP
-! module begins. Modules contain parameters of the form \(dq\&name = value\(dq\&.
+The values following the equals sign in parameters are all either a string
-.PP
+@@ -53,9 +53,9 @@
-! The file is line\-based \-\- that is, each newline\-terminated line represents
+file ownership.  Otherwise, it must just have permission to read and
-either a comment, a module name or a parameter.
+write the appropriate data, log, and lock files.
 .PP
-Only the first equals sign in a parameter is significant. Whitespace before
+-You can launch it either via inetd, as a stand\-alone daemon, or from
-***************
+-an rsync client via a remote shell.  If run as a stand\-alone daemon then
-*** 34,40 ****
+-just run the command \(dq\&\fBrsync \-\-daemon\fP\(dq\& from a suitable startup script.
-Any line beginning with a hash (#) is ignored, as are lines containing
++You can launch it either via inetd, as a stand-alone daemon, or from
-only whitespace.
++an rsync client via a remote shell.  If run as a stand-alone daemon then
-.PP
++just run the command \(lq\fBrsync \-\-daemon\fP\(rq from a suitable startup script.
-! Any line ending in a \e is \(lqcontinued\(rq on the next line in the
+.PP
-customary UNIX fashion.
+When run via inetd you should add a line like this to /etc/services:
 .PP
-The values following the equals sign in parameters are all either a string
+@@ -71,12 +71,12 @@
---- 34,40 ----
+.fi
-Any line beginning with a hash (#) is ignored, as are lines containing
-only whitespace.
+.PP
-.PP
+-Replace \(dq\&/usr/bin/rsync\(dq\& with the path to where you have rsync installed on
-! Any line ending in a \e is \(dq\&continued\(dq\& on the next line in the
++Replace \(lq/usr/bin/rsync\(rq with the path to where you have rsync installed on
-customary UNIX fashion.
+your system.  You will then need to send inetd a HUP signal to tell it to
-.PP
+reread its config file.
-The values following the equals sign in parameters are all either a string
+.PP
-***************
+Note that you should \fBnot\fP send the rsync daemon a HUP signal to force
-*** 53,61 ****
+-it to reread the \f(CWrsyncd.conf\fP file. The file is re\-read on each client
-file ownership.  Otherwise, it must just have permission to read and
++it to reread the \f(CWrsyncd.conf\fP file. The file is re-read on each client
-write the appropriate data, log, and lock files.
+connection.
 .PP
-! You can launch it either via inetd, as a stand-alone daemon, or from
+.SH "GLOBAL PARAMETERS"
-! an rsync client via a remote shell.  If run as a stand-alone daemon then
+@@ -91,7 +91,7 @@
-! just run the command \(lq\fBrsync \-\-daemon\fP\(rq from a suitable startup script.
+.PP
-.PP
+.IP "\fBmotd file\fP"
-When run via inetd you should add a line like this to /etc/services:
+This parameter allows you to specify a
-.PP
+-\(dq\&message of the day\(dq\& to display to clients on each connect. This
---- 53,61 ----
++\(lqmessage of the day\(rq to display to clients on each connect. This
-file ownership.  Otherwise, it must just have permission to read and
+usually contains site information and any legal notices. The default
-write the appropriate data, log, and lock files.
+is no motd file.
-.PP
+.IP
-! You can launch it either via inetd, as a stand\-alone daemon, or from
+@@ -103,12 +103,12 @@
-! an rsync client via a remote shell.  If run as a stand\-alone daemon then
+.IP "\fBport\fP"
-! just run the command \(dq\&\fBrsync \-\-daemon\fP\(dq\& from a suitable startup script.
+You can override the default port the daemon will listen on
-.PP
+by specifying this value (defaults to 873).  This is ignored if the daemon
-When run via inetd you should add a line like this to /etc/services:
+-is being run by inetd, and is superseded by the \fB\-\-port\fP command\-line option.
-.PP
++is being run by inetd, and is superseded by the \fB\-\-port\fP command-line option.
-***************
+.IP
-*** 71,82 ****
+.IP "\fBaddress\fP"
-.fi
+You can override the default IP address the daemon
+will listen on by specifying this value.  This is ignored if the daemon is
-.PP
+-being run by inetd, and is superseded by the \fB\-\-address\fP command\-line option.
-! Replace \(lq/usr/bin/rsync\(rq with the path to where you have rsync installed on
++being run by inetd, and is superseded by the \fB\-\-address\fP command-line option.
-your system.  You will then need to send inetd a HUP signal to tell it to
+.IP
-reread its config file.
+.IP "\fBsocket options\fP"
-.PP
+This parameter can provide endless fun for people
-Note that you should \fBnot\fP send the rsync daemon a HUP signal to force
+@@ -119,7 +119,7 @@
-! it to reread the \f(CWrsyncd.conf\fP file. The file is re-read on each client
+system call for
-connection.
+details on some of the options you may be able to set. By default no
-.PP
+special socket options are set.  These settings can also be specified
-.SH "GLOBAL PARAMETERS"
+-via the \fB\-\-sockopts\fP command\-line option.
---- 71,82 ----
++via the \fB\-\-sockopts\fP command-line option.
-.fi
+.IP
+.SH "MODULE PARAMETERS"
-.PP
-! Replace \(dq\&/usr/bin/rsync\(dq\& with the path to where you have rsync installed on
+@@ -139,44 +139,44 @@
-your system.  You will then need to send inetd a HUP signal to tell it to
+of available modules. The default is no comment.
-reread its config file.
+.IP
-.PP
+.IP "\fBpath\fP"
-Note that you should \fBnot\fP send the rsync daemon a HUP signal to force
+-This parameter specifies the directory in the daemon\(cq\&s
-! it to reread the \f(CWrsyncd.conf\fP file. The file is re\-read on each client
++This parameter specifies the directory in the daemon's
-connection.
+filesystem to make available in this module.  You must specify this parameter
-.PP
+for each module in \f(CWrsyncd.conf\fP.
-.SH "GLOBAL PARAMETERS"
+.IP
-***************
+.IP "\fBuse chroot\fP"
-*** 91,97 ****
+-If \(dq\&use chroot\(dq\& is true, the rsync daemon will chroot
-.PP
+-to the \(dq\&path\(dq\& before starting the file transfer with the client.  This has
-.IP "\fBmotd file\fP"
++If \(lquse chroot\(rq is true, the rsync daemon will chroot
-This parameter allows you to specify a
++to the \(lqpath\(rq before starting the file transfer with the client.  This has
-! \(lqmessage of the day\(rq to display to clients on each connect. This
+the advantage of extra protection against possible implementation security
-usually contains site information and any legal notices. The default
+-holes, but it has the disadvantages of requiring super\-user privileges,
-is no motd file.
++holes, but it has the disadvantages of requiring super-user privileges,
-.IP
+of not being able to follow symbolic links that are either absolute or outside
---- 91,97 ----
+of the new root path, and of complicating the preservation of users and groups
-.PP
+by name (see below).
-.IP "\fBmotd file\fP"
+.IP
-This parameter allows you to specify a
+-As an additional safety feature, you can specify a dot\-dir in the module\(cq\&s
-! \(dq\&message of the day\(dq\& to display to clients on each connect. This
+-\(dq\&path\(dq\& to indicate the point where the chroot should occur.  This allows rsync
-usually contains site information and any legal notices. The default
+-to run in a chroot with a non\-\(dq\&/\(dq\& path for the top of the transfer hierarchy.
-is no motd file.
++As an additional safety feature, you can specify a dot-dir in the module's
-.IP
++\(lqpath\(rq to indicate the point where the chroot should occur.  This allows rsync
-***************
++to run in a chroot with a non\-"/\(rq path for the top of the transfer hierarchy.
-*** 103,114 ****
+Doing this guards against unintended library loading (since those absolute
-.IP "\fBport\fP"
+paths will not be inside the transfer hierarchy unless you have used an unwise
-You can override the default port the daemon will listen on
+pathname), and lets you setup libraries for the chroot that are outside of the
-by specifying this value (defaults to 873).  This is ignored if the daemon
+-transfer.  For example, specifying \(dq\&/var/rsync/./module1\(dq\& will chroot to the
-! is being run by inetd, and is superseded by the \fB\-\-port\fP command-line option.
+-\(dq\&/var/rsync\(dq\& directory and set the inside\-chroot path to \(dq\&/module1\(dq\&.  If you
-.IP
+-had omitted the dot\-dir, the chroot would have used the whole path, and the
-.IP "\fBaddress\fP"
+-inside\-chroot path would have been \(dq\&/\(dq\&.
-You can override the default IP address the daemon
++transfer.  For example, specifying \(lq/var/rsync/./module1\(rq will chroot to the
-will listen on by specifying this value.  This is ignored if the daemon is
++\(lq/var/rsync\(rq directory and set the inside-chroot path to \(lq/module1\(rq.  If you
-! being run by inetd, and is superseded by the \fB\-\-address\fP command-line option.
++had omitted the dot-dir, the chroot would have used the whole path, and the
-.IP
++inside-chroot path would have been \(lq/\(rq.
-.IP "\fBsocket options\fP"
+.IP
-This parameter can provide endless fun for people
+-When \(dq\&use chroot\(dq\& is false or the inside\-chroot path is not \(dq\&/\(dq\&, rsync will:
---- 103,114 ----
++When \(lquse chroot\(rq is false or the inside-chroot path is not \(lq/\(rq, rsync will:
-.IP "\fBport\fP"
+(1) munge symlinks by
-You can override the default port the daemon will listen on
+-default for security reasons (see \(dq\&munge symlinks\(dq\& for a way to turn this
-by specifying this value (defaults to 873).  This is ignored if the daemon
++default for security reasons (see \(lqmunge symlinks\(rq for a way to turn this
-! is being run by inetd, and is superseded by the \fB\-\-port\fP command\-line option.
+off, but only if you trust your users), (2) substitute leading slashes in
-.IP
+-absolute paths with the module\(cq\&s path (so that options such as
-.IP "\fBaddress\fP"
++absolute paths with the module's path (so that options such as
-You can override the default IP address the daemon
+\fB\-\-backup\-dir\fP, \fB\-\-compare\-dest\fP, etc. interpret an absolute path as
-will listen on by specifying this value.  This is ignored if the daemon is
+-rooted in the module\(cq\&s \(dq\&path\(dq\& dir), and (3) trim \(dq\&..\(dq\& path elements from
-! being run by inetd, and is superseded by the \fB\-\-address\fP command\-line option.
++rooted in the module's \(lqpath\(rq dir), and (3) trim \(lq..\(rq path elements from
-.IP
+args if rsync believes they would escape the module hierarchy.
-.IP "\fBsocket options\fP"
+-The default for \(dq\&use chroot\(dq\& is true, and is the safer choice (especially
-This parameter can provide endless fun for people
+-if the module is not read\-only).
-***************
++The default for \(lquse chroot\(rq is true, and is the safer choice (especially
-*** 119,125 ****
++if the module is not read-only).
-system call for
+.IP
-details on some of the options you may be able to set. By default no
+When this parameter is enabled, rsync will not attempt to map users and groups
-special socket options are set.  These settings can also be specified
+by name (by default), but instead copy IDs as though \fB\-\-numeric\-ids\fP had
-! via the \fB\-\-sockopts\fP command-line option.
+-been specified.  In order to enable name\-mapping, rsync needs to be able to
-.IP
++been specified.  In order to enable name-mapping, rsync needs to be able to
-.SH "MODULE PARAMETERS"
+use the standard library functions for looking up names and IDs (i.e.
+\f(CWgetpwuid()\fP
---- 119,125 ----
+,
-system call for
+@@ -191,12 +191,12 @@
-details on some of the options you may be able to set. By default no
+used by these library functions (traditionally /etc/passwd and
-special socket options are set.  These settings can also be specified
+/etc/group, but perhaps additional dynamic libraries as well).
-! via the \fB\-\-sockopts\fP command\-line option.
+.IP
-.IP
+-If you copy the necessary resources into the module\(cq\&s chroot area, you
-.SH "MODULE PARAMETERS"
+-should protect them through your OS\(cq\&s normal user/group or ACL settings (to
+-prevent the rsync module\(cq\&s user from being able to change them), and then
-***************
+-hide them from the user\(cq\&s view via \(dq\&exclude\(dq\& (see how in the discussion of
-*** 139,182 ****
++If you copy the necessary resources into the module's chroot area, you
-of available modules. The default is no comment.
++should protect them through your OS's normal user/group or ACL settings (to
-.IP
++prevent the rsync module's user from being able to change them), and then
-.IP "\fBpath\fP"
++hide them from the user's view via \(lqexclude\(rq (see how in the discussion of
-! This parameter specifies the directory in the daemon's
+that parameter).  At that point it will be safe to enable the mapping of users
-filesystem to make available in this module.  You must specify this parameter
+-and groups by name using the \(dq\&numeric ids\(dq\& daemon parameter (see below).
-for each module in \f(CWrsyncd.conf\fP.
++and groups by name using the \(lqnumeric ids\(rq daemon parameter (see below).
 .IP
-.IP "\fBuse chroot\fP"
+Note also that you are free to setup custom user/group information in the
-! If \(lquse chroot\(rq is true, the rsync daemon will chroot
+chroot area that is different from your normal system.  For example, you
-! to the \(lqpath\(rq before starting the file transfer with the client.  This has
+@@ -205,12 +205,12 @@
-the advantage of extra protection against possible implementation security
+.IP "\fBnumeric ids\fP"
-! holes, but it has the disadvantages of requiring super-user privileges,
+Enabling this parameter disables the mapping
-of not being able to follow symbolic links that are either absolute or outside
+of users and groups by name for the current daemon module.  This prevents
-of the new root path, and of complicating the preservation of users and groups
+-the daemon from trying to load any user/group\-related files or libraries.
-by name (see below).
++the daemon from trying to load any user/group-related files or libraries.
-.IP
+This enabling makes the transfer behave as if the client had passed
-! As an additional safety feature, you can specify a dot-dir in the module's
+-the \fB\-\-numeric\-ids\fP command\-line option.  By default, this parameter is
-! \(lqpath\(rq to indicate the point where the chroot should occur.  This allows rsync
+-enabled for chroot modules and disabled for non\-chroot modules.
-! to run in a chroot with a non\-"/\(rq path for the top of the transfer hierarchy.
++the \fB\-\-numeric\-ids\fP command-line option.  By default, this parameter is
-Doing this guards against unintended library loading (since those absolute
++enabled for chroot modules and disabled for non-chroot modules.
-paths will not be inside the transfer hierarchy unless you have used an unwise
+.IP
-pathname), and lets you setup libraries for the chroot that are outside of the
+-A chroot\-enabled module should not have this parameter enabled unless you\(cq\&ve
-! transfer.  For example, specifying \(lq/var/rsync/./module1\(rq will chroot to the
++A chroot-enabled module should not have this parameter enabled unless you've
-! \(lq/var/rsync\(rq directory and set the inside-chroot path to \(lq/module1\(rq.  If you
+taken steps to ensure that the module has the necessary resources it needs
-! had omitted the dot-dir, the chroot would have used the whole path, and the
+to translate names, and that it is not possible for a user to change those
-! inside-chroot path would have been \(lq/\(rq.
+resources.
-.IP
+@@ -219,52 +219,52 @@
-! When \(lquse chroot\(rq is false or the inside-chroot path is not \(lq/\(rq, rsync will:
+This parameter tells rsync to modify
-(1) munge symlinks by
+all incoming symlinks in a way that makes them unusable but recoverable
-! default for security reasons (see \(lqmunge symlinks\(rq for a way to turn this
+(see below).  This should help protect your files from user trickery when
-off, but only if you trust your users), (2) substitute leading slashes in
+-your daemon module is writable.  The default is disabled when \(dq\&use chroot\(dq\&
-! absolute paths with the module's path (so that options such as
+-is on and the inside\-chroot path is \(dq\&/\(dq\&, otherwise it is enabled.
-\fB\-\-backup\-dir\fP, \fB\-\-compare\-dest\fP, etc. interpret an absolute path as
++your daemon module is writable.  The default is disabled when \(lquse chroot\(rq
-! rooted in the module's \(lqpath\(rq dir), and (3) trim \(lq..\(rq path elements from
++is on and the inside-chroot path is \(lq/\(rq, otherwise it is enabled.
-args if rsync believes they would escape the module hierarchy.
+.IP
-! The default for \(lquse chroot\(rq is true, and is the safer choice (especially
+-If you disable this parameter on a daemon that is not read\-only, there
-! if the module is not read-only).
++If you disable this parameter on a daemon that is not read-only, there
-.IP
+are tricks that a user can play with uploaded symlinks to access
-When this parameter is enabled, rsync will not attempt to map users and groups
+-daemon\-excluded items (if your module has any), and, if \(dq\&use chroot\(dq\&
-by name (by default), but instead copy IDs as though \fB\-\-numeric\-ids\fP had
++daemon-excluded items (if your module has any), and, if \(lquse chroot\(rq
-! been specified.  In order to enable name-mapping, rsync needs to be able to
+is off, rsync can even be tricked into showing or changing data that
-use the standard library functions for looking up names and IDs (i.e.
+-is outside the module\(cq\&s path (as access\-permissions allow).
-\f(CWgetpwuid()\fP
++is outside the module's path (as access-permissions allow).
-,
+.IP
---- 139,182 ----
+The way rsync disables the use of symlinks is to prefix each one with
-of available modules. The default is no comment.
+-the string \(dq\&/rsyncd\-munged/\(dq\&.  This prevents the links from being used
-.IP
++the string \(lq/rsyncd-munged/\(rq.  This prevents the links from being used
-.IP "\fBpath\fP"
+as long as that directory does not exist.  When this parameter is enabled,
-! This parameter specifies the directory in the daemon\(cq\&s
+rsync will refuse to run if that path is a directory or a symlink to
-filesystem to make available in this module.  You must specify this parameter
+-a directory.  When using the \(dq\&munge symlinks\(dq\& parameter in a chroot area
-for each module in \f(CWrsyncd.conf\fP.
+-that has an inside\-chroot path of \(dq\&/\(dq\&, you should add \(dq\&/rsyncd\-munged/\(dq\&
-.IP
++a directory.  When using the \(lqmunge symlinks\(rq parameter in a chroot area
-.IP "\fBuse chroot\fP"
++that has an inside-chroot path of \(lq/\(rq, you should add \(lq/rsyncd-munged/\(rq
-! If \(dq\&use chroot\(dq\& is true, the rsync daemon will chroot
+to the exclude setting for the module so that
-! to the \(dq\&path\(dq\& before starting the file transfer with the client.  This has
+-a user can\(cq\&t try to create it.
-the advantage of extra protection against possible implementation security
++a user can't try to create it.
-! holes, but it has the disadvantages of requiring super\-user privileges,
+.IP
-of not being able to follow symbolic links that are either absolute or outside
+-Note:  rsync makes no attempt to verify that any pre\-existing symlinks in
-of the new root path, and of complicating the preservation of users and groups
+-the module\(cq\&s hierarchy are as safe as you want them to be (unless, of
-by name (see below).
++Note:  rsync makes no attempt to verify that any pre-existing symlinks in
-.IP
++the module's hierarchy are as safe as you want them to be (unless, of
-! As an additional safety feature, you can specify a dot\-dir in the module\(cq\&s
+course, it just copied in the whole hierarchy).  If you setup an rsync
-! \(dq\&path\(dq\& to indicate the point where the chroot should occur.  This allows rsync
+daemon on a new area or locally add symlinks, you can manually protect your
-! to run in a chroot with a non\-\(dq\&/\(dq\& path for the top of the transfer hierarchy.
+-symlinks from being abused by prefixing \(dq\&/rsyncd\-munged/\(dq\& to the start of
-Doing this guards against unintended library loading (since those absolute
+-every symlink\(cq\&s value.  There is a perl script in the support directory
-paths will not be inside the transfer hierarchy unless you have used an unwise
+-of the source code named \(dq\&munge\-symlinks\(dq\& that can be used to add or remove
-pathname), and lets you setup libraries for the chroot that are outside of the
++symlinks from being abused by prefixing \(lq/rsyncd-munged/\(rq to the start of
-! transfer.  For example, specifying \(dq\&/var/rsync/./module1\(dq\& will chroot to the
++every symlink's value.  There is a perl script in the support directory
-! \(dq\&/var/rsync\(dq\& directory and set the inside\-chroot path to \(dq\&/module1\(dq\&.  If you
++of the source code named \(lqmunge-symlinks\(rq that can be used to add or remove
-! had omitted the dot\-dir, the chroot would have used the whole path, and the
+this prefix from your symlinks.
-! inside\-chroot path would have been \(dq\&/\(dq\&.
+.IP
-.IP
+-When this parameter is disabled on a writable module and \(dq\&use chroot\(dq\& is off
-! When \(dq\&use chroot\(dq\& is false or the inside\-chroot path is not \(dq\&/\(dq\&, rsync will:
+-(or the inside\-chroot path is not \(dq\&/\(dq\&),
-(1) munge symlinks by
+-incoming symlinks will be modified to drop a leading slash and to remove \(dq\&..\(dq\&
-! default for security reasons (see \(dq\&munge symlinks\(dq\& for a way to turn this
+-path elements that rsync believes will allow a symlink to escape the module\(cq\&s
-off, but only if you trust your users), (2) substitute leading slashes in
++When this parameter is disabled on a writable module and \(lquse chroot\(rq is off
-! absolute paths with the module\(cq\&s path (so that options such as
++(or the inside-chroot path is not \(lq/\(rq),
-\fB\-\-backup\-dir\fP, \fB\-\-compare\-dest\fP, etc. interpret an absolute path as
++incoming symlinks will be modified to drop a leading slash and to remove \(lq..\(rq
-! rooted in the module\(cq\&s \(dq\&path\(dq\& dir), and (3) trim \(dq\&..\(dq\& path elements from
++path elements that rsync believes will allow a symlink to escape the module's
-args if rsync believes they would escape the module hierarchy.
+hierarchy.  There are tricky ways to work around this, though, so you had
-! The default for \(dq\&use chroot\(dq\& is true, and is the safer choice (especially
+better trust your users if you choose this combination of parameters.
-! if the module is not read\-only).
+.IP
-.IP
+.IP "\fBcharset\fP"
-When this parameter is enabled, rsync will not attempt to map users and groups
+This specifies the name of the character set in which the
-by name (by default), but instead copy IDs as though \fB\-\-numeric\-ids\fP had
+-module\(cq\&s filenames are stored.  If the client uses an \fB\-\-iconv\fP option,
-! been specified.  In order to enable name\-mapping, rsync needs to be able to
+-the daemon will use the value of the \(dq\&charset\(dq\& parameter regardless of the
-use the standard library functions for looking up names and IDs (i.e.
++module's filenames are stored.  If the client uses an \fB\-\-iconv\fP option,
-\f(CWgetpwuid()\fP
++the daemon will use the value of the \(lqcharset\(rq parameter regardless of the
-,
+character set the client actually passed.  This allows the daemon to
-***************
+support charset conversion in a chroot module without extra files in the
-*** 191,202 ****
+-chroot area, and also ensures that name\-translation is done in a consistent
-used by these library functions (traditionally /etc/passwd and
+-manner.  If the \(dq\&charset\(dq\& parameter is not set, the \fB\-\-iconv\fP option is
-/etc/group, but perhaps additional dynamic libraries as well).
+-refused, just as if \(dq\&iconv\(dq\& had been specified via \(dq\&refuse options\(dq\&.
-.IP
++chroot area, and also ensures that name-translation is done in a consistent
-! If you copy the necessary resources into the module's chroot area, you
++manner.  If the \(lqcharset\(rq parameter is not set, the \fB\-\-iconv\fP option is
-! should protect them through your OS's normal user/group or ACL settings (to
++refused, just as if \(lqiconv\(rq had been specified via \(lqrefuse options\(rq.
-! prevent the rsync module's user from being able to change them), and then
+.IP
-! hide them from the user's view via \(lqexclude\(rq (see how in the discussion of
+If you wish to force users to always use \fB\-\-iconv\fP for a particular
-that parameter).  At that point it will be safe to enable the mapping of users
+-module, add \(dq\&no\-iconv\(dq\& to the \(dq\&refuse options\(dq\& parameter.  Keep in mind
-! and groups by name using the \(lqnumeric ids\(rq daemon parameter (see below).
++module, add \(lqno-iconv\(rq to the \(lqrefuse options\(rq parameter.  Keep in mind
-.IP
+that this will restrict access to your module to very new rsync clients.
-Note also that you are free to setup custom user/group information in the
+.IP
-chroot area that is different from your normal system.  For example, you
+.IP "\fBmax connections\fP"
---- 191,202 ----
+@@ -273,21 +273,21 @@
-used by these library functions (traditionally /etc/passwd and
+Any clients connecting when the maximum has been reached will receive a
-/etc/group, but perhaps additional dynamic libraries as well).
+message telling them to try later.  The default is 0, which means no limit.
-.IP
+A negative value disables the module.
-! If you copy the necessary resources into the module\(cq\&s chroot area, you
+-See also the \(dq\&lock file\(dq\& parameter.
-! should protect them through your OS\(cq\&s normal user/group or ACL settings (to
++See also the \(lqlock file\(rq parameter.
-! prevent the rsync module\(cq\&s user from being able to change them), and then
+.IP
-! hide them from the user\(cq\&s view via \(dq\&exclude\(dq\& (see how in the discussion of
+.IP "\fBlog file\fP"
-that parameter).  At that point it will be safe to enable the mapping of users
+-When the \(dq\&log file\(dq\& parameter is set to a non\-empty
-! and groups by name using the \(dq\&numeric ids\(dq\& daemon parameter (see below).
++When the \(lqlog file\(rq parameter is set to a non-empty
-.IP
+string, the rsync daemon will log messages to the indicated file rather
-Note also that you are free to setup custom user/group information in the
+than using syslog. This is particularly useful on systems (such as AIX)
-chroot area that is different from your normal system.  For example, you
+where
-***************
+\f(CWsyslog()\fP
-*** 205,216 ****
+-doesn\(cq\&t work for chrooted programs.  The file is
-.IP "\fBnumeric ids\fP"
++doesn't work for chrooted programs.  The file is
-Enabling this parameter disables the mapping
+opened before
-of users and groups by name for the current daemon module.  This prevents
+\f(CWchroot()\fP
-! the daemon from trying to load any user/group-related files or libraries.
+is called, allowing it to be placed outside
-This enabling makes the transfer behave as if the client had passed
+-the transfer.  If this value is set on a per\-module basis instead of
-! the \fB\-\-numeric\-ids\fP command-line option.  By default, this parameter is
++the transfer.  If this value is set on a per-module basis instead of
-! enabled for chroot modules and disabled for non-chroot modules.
+globally, the global log will still contain any authorization failures
-.IP
+-or config\-file error messages.
-! A chroot-enabled module should not have this parameter enabled unless you've
++or config-file error messages.
-taken steps to ensure that the module has the necessary resources it needs
+.IP
-to translate names, and that it is not possible for a user to change those
+If the daemon fails to open the specified file, it will fall back to
-resources.
+using syslog and output an error about the failure.  (Note that the
---- 205,216 ----
+@@ -300,19 +300,19 @@
-.IP "\fBnumeric ids\fP"
+defined on your system. Common names are auth, authpriv, cron, daemon,
-Enabling this parameter disables the mapping
+ftp, kern, lpr, mail, news, security, syslog, user, uucp, local0,
-of users and groups by name for the current daemon module.  This prevents
+local1, local2, local3, local4, local5, local6 and local7. The default
-! the daemon from trying to load any user/group\-related files or libraries.
+-is daemon.  This setting has no effect if the \(dq\&log file\(dq\& setting is a
-This enabling makes the transfer behave as if the client had passed
+-non\-empty string (either set in the per\-modules settings, or inherited
-! the \fB\-\-numeric\-ids\fP command\-line option.  By default, this parameter is
++is daemon.  This setting has no effect if the \(lqlog file\(rq setting is a
-! enabled for chroot modules and disabled for non\-chroot modules.
++non-empty string (either set in the per-modules settings, or inherited
-.IP
+from the global settings).
-! A chroot\-enabled module should not have this parameter enabled unless you\(cq\&ve
+.IP
-taken steps to ensure that the module has the necessary resources it needs
+.IP "\fBmax verbosity\fP"
-to translate names, and that it is not possible for a user to change those
+This parameter allows you to control
-resources.
+-the maximum amount of verbose information that you\(cq\&ll allow the daemon to
-***************
++the maximum amount of verbose information that you'll allow the daemon to
-*** 219,270 ****
+generate (since the information goes into the log file). The default is 1,
-This parameter tells rsync to modify
+which allows the client to request one level of verbosity.
-all incoming symlinks in a way that makes them unusable but recoverable
+.IP
-(see below).  This should help protect your files from user trickery when
+.IP "\fBlock file\fP"
-! your daemon module is writable.  The default is disabled when \(lquse chroot\(rq
+This parameter specifies the file to use to
-! is on and the inside-chroot path is \(lq/\(rq, otherwise it is enabled.
+-support the \(dq\&max connections\(dq\& parameter. The rsync daemon uses record
-.IP
++support the \(lqmax connections\(rq parameter. The rsync daemon uses record
-! If you disable this parameter on a daemon that is not read-only, there
+locking on this file to ensure that the max connections limit is not
-are tricks that a user can play with uploaded symlinks to access
+exceeded for the modules sharing the lock file.
-! daemon-excluded items (if your module has any), and, if \(lquse chroot\(rq
+The default is \f(CW/var/run/rsyncd.lock\fP.
-is off, rsync can even be tricked into showing or changing data that
+@@ -319,15 +319,15 @@
-! is outside the module's path (as access-permissions allow).
+.IP
-.IP
+.IP "\fBread only\fP"
-The way rsync disables the use of symlinks is to prefix each one with
+This parameter determines whether clients
-! the string \(lq/rsyncd-munged/\(rq.  This prevents the links from being used
+-will be able to upload files or not. If \(dq\&read only\(dq\& is true then any
-as long as that directory does not exist.  When this parameter is enabled,
+-attempted uploads will fail. If \(dq\&read only\(dq\& is false then uploads will
-rsync will refuse to run if that path is a directory or a symlink to
++will be able to upload files or not. If \(lqread only\(rq is true then any
-! a directory.  When using the \(lqmunge symlinks\(rq parameter in a chroot area
++attempted uploads will fail. If \(lqread only\(rq is false then uploads will
-! that has an inside-chroot path of \(lq/\(rq, you should add \(lq/rsyncd-munged/\(rq
+be possible if file permissions on the daemon side allow them. The default
-to the exclude setting for the module so that
+is for all modules to be read only.
-! a user can't try to create it.
+.IP
-.IP
+.IP "\fBwrite only\fP"
-! Note:  rsync makes no attempt to verify that any pre-existing symlinks in
+This parameter determines whether clients
-! the module's hierarchy are as safe as you want them to be (unless, of
+-will be able to download files or not. If \(dq\&write only\(dq\& is true then any
-course, it just copied in the whole hierarchy).  If you setup an rsync
+-attempted downloads will fail. If \(dq\&write only\(dq\& is false then downloads
-daemon on a new area or locally add symlinks, you can manually protect your
++will be able to download files or not. If \(lqwrite only\(rq is true then any
-! symlinks from being abused by prefixing \(lq/rsyncd-munged/\(rq to the start of
++attempted downloads will fail. If \(lqwrite only\(rq is false then downloads
-! every symlink's value.  There is a perl script in the support directory
+will be possible if file permissions on the daemon side allow them.  The
-! of the source code named \(lqmunge-symlinks\(rq that can be used to add or remove
+default is for this parameter to be disabled.
-this prefix from your symlinks.
+.IP
-.IP
+@@ -340,19 +340,19 @@
-! When this parameter is disabled on a writable module and \(lquse chroot\(rq is off
+.IP "\fBuid\fP"
-! (or the inside-chroot path is not \(lq/\(rq),
+This parameter specifies the user name or user ID that
-! incoming symlinks will be modified to drop a leading slash and to remove \(lq..\(rq
+file transfers to and from that module should take place as when the daemon
-! path elements that rsync believes will allow a symlink to escape the module's
+-was run as root. In combination with the \(dq\&gid\(dq\& parameter this determines what
-hierarchy.  There are tricky ways to work around this, though, so you had
++was run as root. In combination with the \(lqgid\(rq parameter this determines what
-better trust your users if you choose this combination of parameters.
+file permissions are available. The default is uid \-2, which is normally
-.IP
+-the user \(dq\&nobody\(dq\&.
-.IP "\fBcharset\fP"
++the user \(lqnobody\(rq.
-This specifies the name of the character set in which the
+.IP
-! module's filenames are stored.  If the client uses an \fB\-\-iconv\fP option,
+.IP "\fBgid\fP"
-! the daemon will use the value of the \(lqcharset\(rq parameter regardless of the
+This parameter specifies the group name or group ID that
-character set the client actually passed.  This allows the daemon to
+file transfers to and from that module should take place as when the daemon
-support charset conversion in a chroot module without extra files in the
+-was run as root. This complements the \(dq\&uid\(dq\& parameter. The default is gid \-2,
-! chroot area, and also ensures that name-translation is done in a consistent
+-which is normally the group \(dq\&nobody\(dq\&.
-! manner.  If the \(lqcharset\(rq parameter is not set, the \fB\-\-iconv\fP option is
++was run as root. This complements the \(lquid\(rq parameter. The default is gid \-2,
-! refused, just as if \(lqiconv\(rq had been specified via \(lqrefuse options\(rq.
++which is normally the group \(lqnobody\(rq.
 .IP
-If you wish to force users to always use \fB\-\-iconv\fP for a particular
+.IP "\fBfake super\fP"
-! module, add \(lqno-iconv\(rq to the \(lqrefuse options\(rq parameter.  Keep in mind
+-Setting \(dq\&fake super = yes\(dq\& for a module causes the
-that this will restrict access to your module to very new rsync clients.
+-daemon side to behave as if the \fB\-\-fake\-super\fP command\-line option had
-.IP
++Setting \(lqfake super = yes\(rq for a module causes the
-.IP "\fBmax connections\fP"
++daemon side to behave as if the \fB\-\-fake\-user\fP command-line option had
---- 219,270 ----
+been specified.  This allows the full attributes of a file to be stored
-This parameter tells rsync to modify
+without having to have the daemon actually running as root.
-all incoming symlinks in a way that makes them unusable but recoverable
+.IP
-(see below).  This should help protect your files from user trickery when
+@@ -360,7 +360,7 @@
-! your daemon module is writable.  The default is disabled when \(dq\&use chroot\(dq\&
+The daemon has its own filter chain that determines what files
-! is on and the inside\-chroot path is \(dq\&/\(dq\&, otherwise it is enabled.
+it will let the client access.  This chain is not sent to the client and is
-.IP
+independent of any filters the client may have specified.  Files excluded by
-! If you disable this parameter on a daemon that is not read\-only, there
+-the daemon filter chain (\fBdaemon\-excluded\fP files) are treated as non\-existent
-are tricks that a user can play with uploaded symlinks to access
++the daemon filter chain (\fBdaemon-excluded\fP files) are treated as non-existent
-! daemon\-excluded items (if your module has any), and, if \(dq\&use chroot\(dq\&
+if the client tries to pull them, are skipped with an error message if the
-is off, rsync can even be tricked into showing or changing data that
+client tries to push them (triggering exit code 23), and are never deleted from
-! is outside the module\(cq\&s path (as access\-permissions allow).
+the module.  You can use daemon filters to prevent clients from downloading or
-.IP
+@@ -367,55 +367,55 @@
-The way rsync disables the use of symlinks is to prefix each one with
+tampering with private administrative files, such as files you may add to
-! the string \(dq\&/rsyncd\-munged/\(dq\&.  This prevents the links from being used
+support uid/gid name translations.
-as long as that directory does not exist.  When this parameter is enabled,
+.IP
-rsync will refuse to run if that path is a directory or a symlink to
+-The daemon filter chain is built from the \(dq\&filter\(dq\&, \(dq\&include from\(dq\&, \(dq\&include\(dq\&,
-! a directory.  When using the \(dq\&munge symlinks\(dq\& parameter in a chroot area
+-\(dq\&exclude from\(dq\&, and \(dq\&exclude\(dq\& parameters, in that order of priority.  Anchored
-! that has an inside\-chroot path of \(dq\&/\(dq\&, you should add \(dq\&/rsyncd\-munged/\(dq\&
++The daemon filter chain is built from the \(lqfilter\(rq, \(lqinclude from\(rq, \(lqinclude\(rq,
-to the exclude setting for the module so that
++\(lqexclude from\(rq, and \(lqexclude\(rq parameters, in that order of priority.  Anchored
-! a user can\(cq\&t try to create it.
+patterns are anchored at the root of the module.  To prevent access to an
-.IP
+-entire subtree, for example, \(dq\&/secret\(dq\&, you \fImust\fP exclude everything in the
-! Note:  rsync makes no attempt to verify that any pre\-existing symlinks in
+-subtree; the easiest way to do this is with a triple\-star pattern like
-! the module\(cq\&s hierarchy are as safe as you want them to be (unless, of
+-\(dq\&/secret/***\(dq\&.
-course, it just copied in the whole hierarchy).  If you setup an rsync
++entire subtree, for example, \(lq/secret\(rq, you \fImust\fP exclude everything in the
-daemon on a new area or locally add symlinks, you can manually protect your
++subtree; the easiest way to do this is with a triple-star pattern like
-! symlinks from being abused by prefixing \(dq\&/rsyncd\-munged/\(dq\& to the start of
++\(lq/secret/***\(rq.
-! every symlink\(cq\&s value.  There is a perl script in the support directory
+.IP
-! of the source code named \(dq\&munge\-symlinks\(dq\& that can be used to add or remove
+-The \(dq\&filter\(dq\& parameter takes a space\-separated list of daemon filter rules,
-this prefix from your symlinks.
++The \(lqfilter\(rq parameter takes a space-separated list of daemon filter rules,
-.IP
+though it is smart enough to know not to split a token at an internal space in
-! When this parameter is disabled on a writable module and \(dq\&use chroot\(dq\& is off
+-a rule (e.g. \(dq\&\- /foo  \(em /bar\(dq\& is parsed as two rules).  You may specify one or
-! (or the inside\-chroot path is not \(dq\&/\(dq\&),
+-more merge\-file rules using the normal syntax.  Only one \(dq\&filter\(dq\& parameter can
-! incoming symlinks will be modified to drop a leading slash and to remove \(dq\&..\(dq\&
++a rule (e.g. \(lq\- /foo  \(em /bar\(rq is parsed as two rules).  You may specify one or
-! path elements that rsync believes will allow a symlink to escape the module\(cq\&s
++more merge-file rules using the normal syntax.  Only one \(lqfilter\(rq parameter can
-hierarchy.  There are tricky ways to work around this, though, so you had
+apply to a given module in the config file, so put all the rules you want in a
-better trust your users if you choose this combination of parameters.
+-single parameter.  Note that per\-directory merge\-file rules do not provide as
-.IP
++single parameter.  Note that per-directory merge-file rules do not provide as
-.IP "\fBcharset\fP"
+much protection as global rules, but they can be used to make \fB\-\-delete\fP work
-This specifies the name of the character set in which the
+-better during a client download operation if the per\-dir merge files are
-! module\(cq\&s filenames are stored.  If the client uses an \fB\-\-iconv\fP option,
++better during a client download operation if the per-dir merge files are
-! the daemon will use the value of the \(dq\&charset\(dq\& parameter regardless of the
+included in the transfer and the client requests that they be used.
-character set the client actually passed.  This allows the daemon to
+.IP
-support charset conversion in a chroot module without extra files in the
+.IP "\fBexclude\fP"
-! chroot area, and also ensures that name\-translation is done in a consistent
+-This parameter takes a space\-separated list of daemon
-! manner.  If the \(dq\&charset\(dq\& parameter is not set, the \fB\-\-iconv\fP option is
++This parameter takes a space-separated list of daemon
-! refused, just as if \(dq\&iconv\(dq\& had been specified via \(dq\&refuse options\(dq\&.
+exclude patterns.  As with the client \fB\-\-exclude\fP option, patterns can be
-.IP
+-qualified with \(dq\&\- \(dq\& or \(dq\&+ \(dq\& to explicitly indicate exclude/include.  Only one
-If you wish to force users to always use \fB\-\-iconv\fP for a particular
+-\(dq\&exclude\(dq\& parameter can apply to a given module.  See the \(dq\&filter\(dq\& parameter
-! module, add \(dq\&no\-iconv\(dq\& to the \(dq\&refuse options\(dq\& parameter.  Keep in mind
++qualified with \(lq\- \(rq or \(lq+ \(rq to explicitly indicate exclude/include.  Only one
-that this will restrict access to your module to very new rsync clients.
++\(lqexclude\(rq parameter can apply to a given module.  See the \(lqfilter\(rq parameter
-.IP
+for a description of how excluded files affect the daemon.
-.IP "\fBmax connections\fP"
+.IP
-***************
+.IP "\fBinclude\fP"
-*** 273,293 ****
+-Use an \(dq\&include\(dq\& to override the effects of the \(dq\&exclude\(dq\&
-Any clients connecting when the maximum has been reached will receive a
+-parameter.  Only one \(dq\&include\(dq\& parameter can apply to a given module.  See the
-message telling them to try later.  The default is 0, which means no limit.
+-\(dq\&filter\(dq\& parameter for a description of how excluded files affect the daemon.
-A negative value disables the module.
++Use an \(lqinclude\(rq to override the effects of the \(lqexclude\(rq
-! See also the \(lqlock file\(rq parameter.
++parameter.  Only one \(lqinclude\(rq parameter can apply to a given module.  See the
-.IP
++\(lqfilter\(rq parameter for a description of how excluded files affect the daemon.
-.IP "\fBlog file\fP"
+.IP
-! When the \(lqlog file\(rq parameter is set to a non-empty
+.IP "\fBexclude from\fP"
-string, the rsync daemon will log messages to the indicated file rather
+This parameter specifies the name of a file
-than using syslog. This is particularly useful on systems (such as AIX)
+on the daemon that contains daemon exclude patterns, one per line.  Only one
-where
+-\(dq\&exclude from\(dq\& parameter can apply to a given module; if you have multiple
-\f(CWsyslog()\fP
+-exclude\-from files, you can specify them as a merge file in the \(dq\&filter\(dq\&
-! doesn't work for chrooted programs.  The file is
+-parameter.  See the \(dq\&filter\(dq\& parameter for a description of how excluded files
-opened before
++\(lqexclude from\(rq parameter can apply to a given module; if you have multiple
-\f(CWchroot()\fP
++exclude-from files, you can specify them as a merge file in the \(lqfilter\(rq
-is called, allowing it to be placed outside
++parameter.  See the \(lqfilter\(rq parameter for a description of how excluded files
-! the transfer.  If this value is set on a per-module basis instead of
+affect the daemon.
-globally, the global log will still contain any authorization failures
+.IP
-! or config-file error messages.
+.IP "\fBinclude from\fP"
-.IP
+-Analogue of \(dq\&exclude from\(dq\& for a file of daemon include
-If the daemon fails to open the specified file, it will fall back to
+-patterns.  Only one \(dq\&include from\(dq\& parameter can apply to a given module.  See
-using syslog and output an error about the failure.  (Note that the
+-the \(dq\&filter\(dq\& parameter for a description of how excluded files affect the
---- 273,293 ----
++Analogue of \(lqexclude from\(rq for a file of daemon include
-Any clients connecting when the maximum has been reached will receive a
++patterns.  Only one \(lqinclude from\(rq parameter can apply to a given module.  See
-message telling them to try later.  The default is 0, which means no limit.
++the \(lqfilter\(rq parameter for a description of how excluded files affect the
-A negative value disables the module.
+daemon.
-! See also the \(dq\&lock file\(dq\& parameter.
+.IP
-.IP
+.IP "\fBincoming chmod\fP"
-.IP "\fBlog file\fP"
+This parameter allows you to specify a set of
-! When the \(dq\&log file\(dq\& parameter is set to a non\-empty
+-comma\-separated chmod strings that will affect the permissions of all
-string, the rsync daemon will log messages to the indicated file rather
++comma-separated chmod strings that will affect the permissions of all
-than using syslog. This is particularly useful on systems (such as AIX)
+incoming files (files that are being received by the daemon).  These
-where
+changes happen after all other permission calculations, and this will
-\f(CWsyslog()\fP
+-even override destination\-default and/or existing permissions when the
-! doesn\(cq\&t work for chrooted programs.  The file is
++even override destination-default and/or existing permissions when the
-opened before
+client does not specify \fB\-\-perms\fP.
-\f(CWchroot()\fP
+See the description of the \fB\-\-chmod\fP rsync option and the \fBchmod\fP(1)
-is called, allowing it to be placed outside
+manpage for information on the format of this string.
-! the transfer.  If this value is set on a per\-module basis instead of
+@@ -422,7 +422,7 @@
-globally, the global log will still contain any authorization failures
+.IP
-! or config\-file error messages.
+.IP "\fBoutgoing chmod\fP"
-.IP
+This parameter allows you to specify a set of
-If the daemon fails to open the specified file, it will fall back to
+-comma\-separated chmod strings that will affect the permissions of all
-using syslog and output an error about the failure.  (Note that the
++comma-separated chmod strings that will affect the permissions of all
-***************
+outgoing files (files that are being sent out from the daemon).  These
-*** 300,318 ****
+changes happen first, making the sent permissions appear to be different
-defined on your system. Common names are auth, authpriv, cron, daemon,
+than those stored in the filesystem itself.  For instance, you could
-ftp, kern, lpr, mail, news, security, syslog, user, uucp, local0,
+@@ -433,41 +433,41 @@
-local1, local2, local3, local4, local5, local6 and local7. The default
+.IP
-! is daemon.  This setting has no effect if the \(lqlog file\(rq setting is a
+.IP "\fBauth users\fP"
-! non-empty string (either set in the per-modules settings, or inherited
+This parameter specifies a comma and
-from the global settings).
+-space\-separated list of usernames that will be allowed to connect to
-.IP
++space-separated list of usernames that will be allowed to connect to
-.IP "\fBmax verbosity\fP"
+this module. The usernames do not need to exist on the local
-This parameter allows you to control
+system. The usernames may also contain shell wildcard characters. If
-! the maximum amount of verbose information that you'll allow the daemon to
+-\(dq\&auth users\(dq\& is set then the client will be challenged to supply a
-generate (since the information goes into the log file). The default is 1,
++\(lqauth users\(rq is set then the client will be challenged to supply a
-which allows the client to request one level of verbosity.
+username and password to connect to the module. A challenge response
-.IP
+authentication protocol is used for this exchange. The plain text
-.IP "\fBlock file\fP"
+usernames and passwords are stored in the file specified by the
-This parameter specifies the file to use to
+-\(dq\&secrets file\(dq\& parameter. The default is for all users to be able to
-! support the \(lqmax connections\(rq parameter. The rsync daemon uses record
+-connect without a password (this is called \(dq\&anonymous rsync\(dq\&).
-locking on this file to ensure that the max connections limit is not
++\(lqsecrets file\(rq parameter. The default is for all users to be able to
-exceeded for the modules sharing the lock file.
++connect without a password (this is called \(lqanonymous rsync\(rq).
-The default is \f(CW/var/run/rsyncd.lock\fP.
+.IP
---- 300,318 ----
+-See also the section entitled \(dq\&USING RSYNC\-DAEMON FEATURES VIA A REMOTE
-defined on your system. Common names are auth, authpriv, cron, daemon,
+-SHELL CONNECTION\(dq\& in \fBrsync\fP(1) for information on how handle an
-ftp, kern, lpr, mail, news, security, syslog, user, uucp, local0,
+-rsyncd.conf\-level username that differs from the remote\-shell\-level
-local1, local2, local3, local4, local5, local6 and local7. The default
++See also the \(lqCONNECTING TO AN RSYNC DAEMON OVER A REMOTE SHELL
-! is daemon.  This setting has no effect if the \(dq\&log file\(dq\& setting is a
++PROGRAM\(rq section in \fBrsync\fP(1) for information on how handle an
-! non\-empty string (either set in the per\-modules settings, or inherited
++rsyncd.conf\-level username that differs from the remote-shell-level
-from the global settings).
+username when using a remote shell to connect to an rsync daemon.
 .IP
-.IP "\fBmax verbosity\fP"
+.IP "\fBsecrets file\fP"
-This parameter allows you to control
+This parameter specifies the name of
-! the maximum amount of verbose information that you\(cq\&ll allow the daemon to
+a file that contains the username:password pairs used for
-generate (since the information goes into the log file). The default is 1,
+-authenticating this module. This file is only consulted if the \(dq\&auth
-which allows the client to request one level of verbosity.
+-users\(dq\& parameter is specified. The file is line based and contains
-.IP
++authenticating this module. This file is only consulted if the \(lqauth
-.IP "\fBlock file\fP"
++users\(rq parameter is specified. The file is line based and contains
-This parameter specifies the file to use to
+username:password pairs separated by a single colon. Any line starting
-! support the \(dq\&max connections\(dq\& parameter. The rsync daemon uses record
+with a hash (#) is considered a comment and is skipped. The passwords
-locking on this file to ensure that the max connections limit is not
+can contain any characters but be warned that many operating systems
-exceeded for the modules sharing the lock file.
+limit the length of passwords that can be typed at the client end, so
-The default is \f(CW/var/run/rsyncd.lock\fP.
+-you may find that passwords longer than 8 characters don\(cq\&t work.
-***************
++you may find that passwords longer than 8 characters don't work.
-*** 319,333 ****
+.IP
-.IP
+-There is no default for the \(dq\&secrets file\(dq\& parameter, you must choose a name
-.IP "\fBread only\fP"
++There is no default for the \(lqsecrets file\(rq parameter, you must choose a name
-This parameter determines whether clients
+(such as \f(CW/etc/rsyncd.secrets\fP).  The file must normally not be readable
-! will be able to upload files or not. If \(lqread only\(rq is true then any
+-by \(dq\&other\(dq\&; see \(dq\&strict modes\(dq\&.
-! attempted uploads will fail. If \(lqread only\(rq is false then uploads will
++by \(lqother\(rq; see \(lqstrict modes\(rq.
-be possible if file permissions on the daemon side allow them. The default
+.IP
-is for all modules to be read only.
+.IP "\fBstrict modes\fP"
-.IP
+This parameter determines whether or not
-.IP "\fBwrite only\fP"
+-the permissions on the secrets file will be checked.  If \(dq\&strict modes\(dq\& is
-This parameter determines whether clients
++the permissions on the secrets file will be checked.  If \(lqstrict modes\(rq is
-! will be able to download files or not. If \(lqwrite only\(rq is true then any
+true, then the secrets file must not be readable by any user ID other
-! attempted downloads will fail. If \(lqwrite only\(rq is false then downloads
+-than the one that the rsync daemon is running under.  If \(dq\&strict modes\(dq\& is
-will be possible if file permissions on the daemon side allow them.  The
++than the one that the rsync daemon is running under.  If \(lqstrict modes\(rq is
-default is for this parameter to be disabled.
+false, the check is not performed.  The default is true.  This parameter
-.IP
+was added to accommodate rsync running on the Windows operating system.
---- 319,333 ----
+.IP
-.IP
+@@ -482,7 +482,7 @@
-.IP "\fBread only\fP"
+.RS
-This parameter determines whether clients
+.IP o
-! will be able to upload files or not. If \(dq\&read only\(dq\& is true then any
+a dotted decimal IPv4 address of the form a.b.c.d, or an IPv6 address
-! attempted uploads will fail. If \(dq\&read only\(dq\& is false then uploads will
+-of the form a:b:c::d:e:f. In this case the incoming machine\(cq\&s IP address
-be possible if file permissions on the daemon side allow them. The default
++of the form a:b:c::d:e:f. In this case the incoming machine's IP address
-is for all modules to be read only.
+must match exactly.
-.IP
+.IP o
-.IP "\fBwrite only\fP"
+an address/mask in the form ipaddr/n where ipaddr is the IP address
-This parameter determines whether clients
+@@ -504,7 +504,7 @@
-! will be able to download files or not. If \(dq\&write only\(dq\& is true then any
+.RE
-! attempted downloads will fail. If \(dq\&write only\(dq\& is false then downloads
-will be possible if file permissions on the daemon side allow them.  The
+.IP
-default is for this parameter to be disabled.
+-Note IPv6 link\-local addresses can have a scope in the address specification:
-.IP
++Note IPv6 link-local addresses can have a scope in the address specification:
-***************
+.IP
-*** 340,358 ****
+.RS
-.IP "\fBuid\fP"
+\f(CW    fe80::1%link1\fP
-This parameter specifies the user name or user ID that
+@@ -516,23 +516,23 @@
-file transfers to and from that module should take place as when the daemon
+.RE
-! was run as root. In combination with the \(lqgid\(rq parameter this determines what
-file permissions are available. The default is uid \-2, which is normally
+.IP
-! the user \(lqnobody\(rq.
+-You can also combine \(dq\&hosts allow\(dq\& with a separate \(dq\&hosts deny\(dq\&
-.IP
+-parameter. If both parameters are specified then the \(dq\&hosts allow\(dq\& parameter is
-.IP "\fBgid\fP"
++You can also combine \(lqhosts allow\(rq with a separate \(lqhosts deny\(rq
-This parameter specifies the group name or group ID that
++parameter. If both parameters are specified then the \(lqhosts allow\(rq parameter is
-file transfers to and from that module should take place as when the daemon
+checked first and a match results in the client being able to
-! was run as root. This complements the \(lquid\(rq parameter. The default is gid \-2,
+-connect. The \(dq\&hosts deny\(dq\& parameter is then checked and a match means
-! which is normally the group \(lqnobody\(rq.
++connect. The \(lqhosts deny\(rq parameter is then checked and a match means
-.IP
+that the host is rejected. If the host does not match either the
-.IP "\fBfake super\fP"
+-\(dq\&hosts allow\(dq\& or the \(dq\&hosts deny\(dq\& patterns then it is allowed to
-! Setting \(lqfake super = yes\(rq for a module causes the
++\(lqhosts allow\(rq or the \(lqhosts deny\(rq patterns then it is allowed to
-! daemon side to behave as if the \fB\-\-fake\-user\fP command-line option had
+connect.
-been specified.  This allows the full attributes of a file to be stored
+.IP
-without having to have the daemon actually running as root.
+-The default is no \(dq\&hosts allow\(dq\& parameter, which means all hosts can connect.
-.IP
++The default is no \(lqhosts allow\(rq parameter, which means all hosts can connect.
---- 340,358 ----
+.IP
-.IP "\fBuid\fP"
+.IP "\fBhosts deny\fP"
-This parameter specifies the user name or user ID that
+This parameter allows you to specify a
-file transfers to and from that module should take place as when the daemon
+list of patterns that are matched against a connecting clients
-! was run as root. In combination with the \(dq\&gid\(dq\& parameter this determines what
+hostname and IP address. If the pattern matches then the connection is
-file permissions are available. The default is uid \-2, which is normally
+-rejected. See the \(dq\&hosts allow\(dq\& parameter for more information.
-! the user \(dq\&nobody\(dq\&.
++rejected. See the \(lqhosts allow\(rq parameter for more information.
 .IP
-.IP "\fBgid\fP"
+-The default is no \(dq\&hosts deny\(dq\& parameter, which means all hosts can connect.
-This parameter specifies the group name or group ID that
++The default is no \(lqhosts deny\(rq parameter, which means all hosts can connect.
-file transfers to and from that module should take place as when the daemon
+.IP
-! was run as root. This complements the \(dq\&uid\(dq\& parameter. The default is gid \-2,
+.IP "\fBignore errors\fP"
-! which is normally the group \(dq\&nobody\(dq\&.
+This parameter tells rsyncd to
-.IP
+@@ -546,32 +546,32 @@
-.IP "\fBfake super\fP"
+.IP "\fBignore nonreadable\fP"
-! Setting \(dq\&fake super = yes\(dq\& for a module causes the
+This tells the rsync daemon to completely
-! daemon side to behave as if the \fB\-\-fake\-super\fP command\-line option had
+ignore files that are not readable by the user. This is useful for
-been specified.  This allows the full attributes of a file to be stored
+-public archives that may have some non\-readable files among the
-without having to have the daemon actually running as root.
+-directories, and the sysadmin doesn\(cq\&t want those files to be seen at all.
-.IP
++public archives that may have some non-readable files among the
-***************
++directories, and the sysadmin doesn't want those files to be seen at all.
-*** 360,366 ****
+.IP
-The daemon has its own filter chain that determines what files
+.IP "\fBtransfer logging\fP"
-it will let the client access.  This chain is not sent to the client and is
+-This parameter enables per\-file
-independent of any filters the client may have specified.  Files excluded by
++This parameter enables per-file
-! the daemon filter chain (\fBdaemon-excluded\fP files) are treated as non-existent
+logging of downloads and uploads in a format somewhat similar to that
-if the client tries to pull them, are skipped with an error message if the
+used by ftp daemons.  The daemon always logs the transfer at the end, so
-client tries to push them (triggering exit code 23), and are never deleted from
+if a transfer is aborted, no mention will be made in the log file.
-the module.  You can use daemon filters to prevent clients from downloading or
+.IP
---- 360,366 ----
+-If you want to customize the log lines, see the \(dq\&log format\(dq\& parameter.
-The daemon has its own filter chain that determines what files
++If you want to customize the log lines, see the \(lqlog format\(rq parameter.
-it will let the client access.  This chain is not sent to the client and is
+.IP
-independent of any filters the client may have specified.  Files excluded by
+.IP "\fBlog format\fP"
-! the daemon filter chain (\fBdaemon\-excluded\fP files) are treated as non\-existent
+This parameter allows you to specify the
-if the client tries to pull them, are skipped with an error message if the
+format used for logging file transfers when transfer logging is enabled.
-client tries to push them (triggering exit code 23), and are never deleted from
+-The format is a text string containing embedded single\-character escape
-the module.  You can use daemon filters to prevent clients from downloading or
++The format is a text string containing embedded single-character escape
-***************
+sequences prefixed with a percent (%) character.  An optional numeric
-*** 367,421 ****
+field width may also be specified between the percent and the escape
-tampering with private administrative files, such as files you may add to
+-letter (e.g. \(dq\&\fB%\-50n %8l %07p\fP\(dq\&).
-support uid/gid name translations.
++letter (e.g. \(lq\fB%\-50n %8l %07p\fP\(rq).
 .IP
-! The daemon filter chain is built from the \(lqfilter\(rq, \(lqinclude from\(rq, \(lqinclude\(rq,
+-The default log format is \(dq\&%o %h [%a] %m (%u) %f %l\(dq\&, and a \(dq\&%t [%p] \(dq\&
-! \(lqexclude from\(rq, and \(lqexclude\(rq parameters, in that order of priority.  Anchored
+-is always prefixed when using the \(dq\&log file\(dq\& parameter.
-patterns are anchored at the root of the module.  To prevent access to an
++The default log format is \(lq%o %h [%a] %m (%u) %f %l\(rq, and a \(lq%t [%p] \(rq
-! entire subtree, for example, \(lq/secret\(rq, you \fImust\fP exclude everything in the
++is always prefixed when using the \(lqlog file\(rq parameter.
-! subtree; the easiest way to do this is with a triple-star pattern like
+(A perl script that will summarize this default log format is included
-! \(lq/secret/***\(rq.
+-in the rsync source code distribution in the \(dq\&support\(dq\& subdirectory:
-.IP
++in the rsync source code distribution in the \(lqsupport\(rq subdirectory:
-! The \(lqfilter\(rq parameter takes a space-separated list of daemon filter rules,
+rsyncstats.)
-though it is smart enough to know not to split a token at an internal space in
+.IP
-! a rule (e.g. \(lq\- /foo  \(em /bar\(rq is parsed as two rules).  You may specify one or
+-The single\-character escapes that are understood are as follows:
-! more merge-file rules using the normal syntax.  Only one \(lqfilter\(rq parameter can
++The single-character escapes that are understood are as follows:
-apply to a given module in the config file, so put all the rules you want in a
+.IP
-! single parameter.  Note that per-directory merge-file rules do not provide as
+.RS
-much protection as global rules, but they can be used to make \fB\-\-delete\fP work
+.IP o
-! better during a client download operation if the per-dir merge files are
+@@ -583,9 +583,9 @@
-included in the transfer and the client requests that they be used.
+.IP o
-.IP
+%c the total size of the block checksums received for the basis file (only when sending)
-.IP "\fBexclude\fP"
+.IP o
-! This parameter takes a space-separated list of daemon
+-%f the filename (long form on sender; no trailing \(dq\&/\(dq\&)
-exclude patterns.  As with the client \fB\-\-exclude\fP option, patterns can be
++%f the filename (long form on sender; no trailing \(lq/\(rq)
-! qualified with \(lq\- \(rq or \(lq+ \(rq to explicitly indicate exclude/include.  Only one
+.IP o
-! \(lqexclude\(rq parameter can apply to a given module.  See the \(lqfilter\(rq parameter
+-%G the gid of the file (decimal) or \(dq\&DEFAULT\(dq\&
-for a description of how excluded files affect the daemon.
++%G the gid of the file (decimal) or \(lqDEFAULT\(rq
-.IP
+.IP o
-.IP "\fBinclude\fP"
+%h the remote host name
-! Use an \(lqinclude\(rq to override the effects of the \(lqexclude\(rq
+.IP o
-! parameter.  Only one \(lqinclude\(rq parameter can apply to a given module.  See the
+@@ -593,15 +593,15 @@
-! \(lqfilter\(rq parameter for a description of how excluded files affect the daemon.
+.IP o
-.IP
+%l the length of the file in bytes
-.IP "\fBexclude from\fP"
+.IP o
-This parameter specifies the name of a file
+-%L the string \(dq\& \-> SYMLINK\(dq\&, \(dq\& => HARDLINK\(dq\&, or \(dq\&\(dq\& (where \fBSYMLINK\fP or \fBHARDLINK\fP is a filename)
-on the daemon that contains daemon exclude patterns, one per line.  Only one
++%L the string \(lq \-> SYMLINK\(rq, \(lq => HARDLINK\(rq, or \(lq\(rq (where \fBSYMLINK\fP or \fBHARDLINK\fP is a filename)
-! \(lqexclude from\(rq parameter can apply to a given module; if you have multiple
+.IP o
-! exclude-from files, you can specify them as a merge file in the \(lqfilter\(rq
+%m the module name
-! parameter.  See the \(lqfilter\(rq parameter for a description of how excluded files
+.IP o
-affect the daemon.
+-%M the last\-modified time of the file
-.IP
++%M the last-modified time of the file
-.IP "\fBinclude from\fP"
+.IP o
-! Analogue of \(lqexclude from\(rq for a file of daemon include
+-%n the filename (short form; trailing \(dq\&/\(dq\& on dir)
-! patterns.  Only one \(lqinclude from\(rq parameter can apply to a given module.  See
++%n the filename (short form; trailing \(lq/\(rq on dir)
-! the \(lqfilter\(rq parameter for a description of how excluded files affect the
+.IP o
-daemon.
+-%o the operation, which is \(dq\&send\(dq\&, \(dq\&recv\(dq\&, or \(dq\&del.\(dq\& (the latter includes the trailing period)
-.IP
++%o the operation, which is \(lqsend\(rq, \(lqrecv\(rq, or \(lqdel.\(rq (the latter includes the trailing period)
-.IP "\fBincoming chmod\fP"
+.IP o
-This parameter allows you to specify a set of
+%p the process ID of this rsync session
-! comma-separated chmod strings that will affect the permissions of all
+.IP o
-incoming files (files that are being received by the daemon).  These
+@@ -615,7 +615,7 @@
-changes happen after all other permission calculations, and this will
+.RE
-! even override destination-default and/or existing permissions when the
-client does not specify \fB\-\-perms\fP.
+.IP
-See the description of the \fB\-\-chmod\fP rsync option and the \fBchmod\fP(1)
+-For a list of what the characters mean that are output by \(dq\&%i\(dq\&, see the
-manpage for information on the format of this string.
++For a list of what the characters mean that are output by \(lq%i\(rq, see the
---- 367,421 ----
+\fB\-\-itemize\-changes\fP option in the rsync manpage.
-tampering with private administrative files, such as files you may add to
+.IP
-support uid/gid name translations.
+Note that some of the logged output changes when talking with older
-.IP
+@@ -625,7 +625,7 @@
-! The daemon filter chain is built from the \(dq\&filter\(dq\&, \(dq\&include from\(dq\&, \(dq\&include\(dq\&,
+.IP "\fBtimeout\fP"
-! \(dq\&exclude from\(dq\&, and \(dq\&exclude\(dq\& parameters, in that order of priority.  Anchored
+This parameter allows you to override the
-patterns are anchored at the root of the module.  To prevent access to an
+clients choice for I/O timeout for this module. Using this parameter you
-! entire subtree, for example, \(dq\&/secret\(dq\&, you \fImust\fP exclude everything in the
+-can ensure that rsync won\(cq\&t wait on a dead client forever. The timeout
-! subtree; the easiest way to do this is with a triple\-star pattern like
++can ensure that rsync won't wait on a dead client forever. The timeout
-! \(dq\&/secret/***\(dq\&.
+is specified in seconds. A value of zero means no timeout and is the
-.IP
+default. A good choice for anonymous rsync daemons may be 600 (giving
-! The \(dq\&filter\(dq\& parameter takes a space\-separated list of daemon filter rules,
+a 10 minute timeout).
-though it is smart enough to know not to split a token at an internal space in
+@@ -632,10 +632,10 @@
-! a rule (e.g. \(dq\&\- /foo  \(em /bar\(dq\& is parsed as two rules).  You may specify one or
+.IP
-! more merge\-file rules using the normal syntax.  Only one \(dq\&filter\(dq\& parameter can
+.IP "\fBrefuse options\fP"
-apply to a given module in the config file, so put all the rules you want in a
+This parameter allows you to
-! single parameter.  Note that per\-directory merge\-file rules do not provide as
+-specify a space\-separated list of rsync command line options that will
-much protection as global rules, but they can be used to make \fB\-\-delete\fP work
++specify a space-separated list of rsync command line options that will
-! better during a client download operation if the per\-dir merge files are
+be refused by your rsync daemon.
-included in the transfer and the client requests that they be used.
+-You may specify the full option name, its one\-letter abbreviation, or a
-.IP
+-wild\-card string that matches multiple options.
-.IP "\fBexclude\fP"
++You may specify the full option name, its one-letter abbreviation, or a
-! This parameter takes a space\-separated list of daemon
++wild-card string that matches multiple options.
-exclude patterns.  As with the client \fB\-\-exclude\fP option, patterns can be
+For example, this would refuse \fB\-\-checksum\fP (\fB\-c\fP) and all the various
-! qualified with \(dq\&\- \(dq\& or \(dq\&+ \(dq\& to explicitly indicate exclude/include.  Only one
+delete options:
-! \(dq\&exclude\(dq\& parameter can apply to a given module.  See the \(dq\&filter\(dq\& parameter
+.IP
-for a description of how excluded files affect the daemon.
+@@ -646,15 +646,15 @@
 .IP
-.IP "\fBinclude\fP"
+The reason the above refuses all delete options is that the options imply
-! Use an \(dq\&include\(dq\& to override the effects of the \(dq\&exclude\(dq\&
+\fB\-\-delete\fP, and implied options are refused just like explicit options.
-! parameter.  Only one \(dq\&include\(dq\& parameter can apply to a given module.  See the
+-As an additional safety feature, the refusal of \(dq\&delete\(dq\& also refuses
-! \(dq\&filter\(dq\& parameter for a description of how excluded files affect the daemon.
+-\fBremove\-source\-files\fP when the daemon is the sender; if you want the latter
-.IP
+-without the former, instead refuse \(dq\&delete\-*\(dq\& \-\- that refuses all the
-.IP "\fBexclude from\fP"
++As an additional safety feature, the refusal of \(lqdelete\(rq also refuses
-This parameter specifies the name of a file
++\fBremove-source-files\fP when the daemon is the sender; if you want the latter
-on the daemon that contains daemon exclude patterns, one per line.  Only one
++without the former, instead refuse \(lqdelete\-*\(rq \(em that refuses all the
-! \(dq\&exclude from\(dq\& parameter can apply to a given module; if you have multiple
+delete modes without affecting \fB\-\-remove\-source\-files\fP.
-! exclude\-from files, you can specify them as a merge file in the \(dq\&filter\(dq\&
+.IP
-! parameter.  See the \(dq\&filter\(dq\& parameter for a description of how excluded files
+When an option is refused, the daemon prints an error message and exits.
-affect the daemon.
+To prevent all compression when serving files,
-.IP
+-you can use \(dq\&dont compress = *\(dq\& (see below)
-.IP "\fBinclude from\fP"
+-instead of \(dq\&refuse options = compress\(dq\& to avoid returning an error to a
-! Analogue of \(dq\&exclude from\(dq\& for a file of daemon include
++you can use \(lqdont compress = *\(rq (see below)
-! patterns.  Only one \(dq\&include from\(dq\& parameter can apply to a given module.  See
++instead of \(lqrefuse options = compress\(rq to avoid returning an error to a
-! the \(dq\&filter\(dq\& parameter for a description of how excluded files affect the
+client that requests compression.
-daemon.
+.IP
-.IP
+.IP "\fBdont compress\fP"
-.IP "\fBincoming chmod\fP"
+@@ -663,25 +663,25 @@
-This parameter allows you to specify a set of
+when pulling files from the daemon (no analogous parameter exists to
-! comma\-separated chmod strings that will affect the permissions of all
+govern the pushing of files to a daemon).
-incoming files (files that are being received by the daemon).  These
+Compression is expensive in terms of CPU usage, so it
-changes happen after all other permission calculations, and this will
+-is usually good to not try to compress files that won\(cq\&t compress well,
-! even override destination\-default and/or existing permissions when the
++is usually good to not try to compress files that won't compress well,
-client does not specify \fB\-\-perms\fP.
+such as already compressed files.
-See the description of the \fB\-\-chmod\fP rsync option and the \fBchmod\fP(1)
+.IP
-manpage for information on the format of this string.
+-The \(dq\&dont compress\(dq\& parameter takes a space\-separated list of
-***************
+-case\-insensitive wildcard patterns. Any source filename matching one
-*** 422,428 ****
++The \(lqdont compress\(rq parameter takes a space-separated list of
-.IP
++case-insensitive wildcard patterns. Any source filename matching one
-.IP "\fBoutgoing chmod\fP"
+of the patterns will not be compressed during transfer.
-This parameter allows you to specify a set of
+.IP
-! comma-separated chmod strings that will affect the permissions of all
+See the \fB\-\-skip\-compress\fP parameter in the \fBrsync\fP(1) manpage for the list
-outgoing files (files that are being sent out from the daemon).  These
+of file suffixes that are not compressed by default.  Specifying a value
-changes happen first, making the sent permissions appear to be different
+-for the \(dq\&dont compress\(dq\& parameter changes the default when the daemon is
-than those stored in the filesystem itself.  For instance, you could
++for the \(lqdont compress\(rq parameter changes the default when the daemon is
---- 422,428 ----
+the sender.
 .IP
-.IP "\fBoutgoing chmod\fP"
+-.IP "\fBpre\-xfer exec\fP, \fBpost\-xfer exec\fP"
-This parameter allows you to specify a set of
++.IP "\fBpre-xfer exec\fP, \fBpost-xfer exec\fP"
-! comma\-separated chmod strings that will affect the permissions of all
+You may specify a command to be run
-outgoing files (files that are being sent out from the daemon).  These
+-before and/or after the transfer.  If the \fBpre\-xfer exec\fP command fails, the
-changes happen first, making the sent permissions appear to be different
++before and/or after the transfer.  If the \fBpre-xfer exec\fP command fails, the
-than those stored in the filesystem itself.  For instance, you could
+transfer is aborted before it begins.
-***************
+.IP
-*** 433,473 ****
+The following environment variables will be set, though some are
-.IP
+-specific to the pre\-xfer or the post\-xfer environment:
-.IP "\fBauth users\fP"
++specific to the pre-xfer or the post-xfer environment:
-This parameter specifies a comma and
+.IP
-! space-separated list of usernames that will be allowed to connect to
+.RS
-this module. The usernames do not need to exist on the local
+.IP o
-system. The usernames may also contain shell wildcard characters. If
+@@ -689,29 +689,29 @@
-! \(lqauth users\(rq is set then the client will be challenged to supply a
+.IP o
-username and password to connect to the module. A challenge response
+\fBRSYNC_MODULE_PATH\fP: The path configured for the module.
-authentication protocol is used for this exchange. The plain text
+.IP o
-usernames and passwords are stored in the file specified by the
+-\fBRSYNC_HOST_ADDR\fP: The accessing host\(cq\&s IP address.
-! \(lqsecrets file\(rq parameter. The default is for all users to be able to
++\fBRSYNC_HOST_ADDR\fP: The accessing host's IP address.
-! connect without a password (this is called \(lqanonymous rsync\(rq).
+.IP o
-.IP
+-\fBRSYNC_HOST_NAME\fP: The accessing host\(cq\&s name.
-! See also the \(lqCONNECTING TO AN RSYNC DAEMON OVER A REMOTE SHELL
++\fBRSYNC_HOST_NAME\fP: The accessing host's name.
-! PROGRAM\(rq section in \fBrsync\fP(1) for information on how handle an
+.IP o
-! rsyncd.conf\-level username that differs from the remote-shell-level
+-\fBRSYNC_USER_NAME\fP: The accessing user\(cq\&s name (empty if no user).
-username when using a remote shell to connect to an rsync daemon.
++\fBRSYNC_USER_NAME\fP: The accessing user's name (empty if no user).
-.IP
+.IP o
-.IP "\fBsecrets file\fP"
+\fBRSYNC_PID\fP: A unique number for this transfer.
-This parameter specifies the name of
+.IP o
-a file that contains the username:password pairs used for
+-\fBRSYNC_REQUEST\fP: (pre\-xfer only) The module/path info specified
-! authenticating this module. This file is only consulted if the \(lqauth
++\fBRSYNC_REQUEST\fP: (pre-xfer only) The module/path info specified
-! users\(rq parameter is specified. The file is line based and contains
+by the user (note that the user can specify multiple source files,
-username:password pairs separated by a single colon. Any line starting
+-so the request can be something like \(dq\&mod/path1 mod/path2\(dq\&, etc.).
-with a hash (#) is considered a comment and is skipped. The passwords
++so the request can be something like \(lqmod/path1 mod/path2\(rq, etc.).
-can contain any characters but be warned that many operating systems
+.IP o
-limit the length of passwords that can be typed at the client end, so
+-\fBRSYNC_ARG#\fP: (pre\-xfer only) The pre\-request arguments are set
-! you may find that passwords longer than 8 characters don't work.
+-in these numbered values. RSYNC_ARG0 is always \(dq\&rsyncd\(dq\&, and the last
-.IP
++\fBRSYNC_ARG#\fP: (pre-xfer only) The pre-request arguments are set
-! There is no default for the \(lqsecrets file\(rq parameter, you must choose a name
++in these numbered values. RSYNC_ARG0 is always \(lqrsyncd\(rq, and the last
-(such as \f(CW/etc/rsyncd.secrets\fP).  The file must normally not be readable
+value contains a single period.
-! by \(lqother\(rq; see \(lqstrict modes\(rq.
+.IP o
-.IP
+-\fBRSYNC_EXIT_STATUS\fP: (post\-xfer only) the server side\(cq\&s exit value.
-.IP "\fBstrict modes\fP"
++\fBRSYNC_EXIT_STATUS\fP: (post-xfer only) the server side's exit value.
-This parameter determines whether or not
+This will be 0 for a successful run, a positive value for an error that the
-! the permissions on the secrets file will be checked.  If \(lqstrict modes\(rq is
+server generated, or a \-1 if rsync failed to exit properly.  Note that an
-true, then the secrets file must not be readable by any user ID other
+error that occurs on the client side does not currently get sent to the
-! than the one that the rsync daemon is running under.  If \(lqstrict modes\(rq is
+server side, so this is not the final exit status for the whole transfer.
-false, the check is not performed.  The default is true.  This parameter
+.IP o
-was added to accommodate rsync running on the Windows operating system.
+-\fBRSYNC_RAW_STATUS\fP: (post\-xfer only) the raw exit value from
-.IP
++\fBRSYNC_RAW_STATUS\fP: (post-xfer only) the raw exit value from
---- 433,473 ----
+\f(CWwaitpid()\fP
-.IP
+\&.
-.IP "\fBauth users\fP"
+.RE
-This parameter specifies a comma and
+@@ -719,7 +719,7 @@
-! space\-separated list of usernames that will be allowed to connect to
+.IP
-this module. The usernames do not need to exist on the local
+Even though the commands can be associated with a particular module, they
-system. The usernames may also contain shell wildcard characters. If
+are run using the permissions of the user that started the daemon (not the
-! \(dq\&auth users\(dq\& is set then the client will be challenged to supply a
+-module\(cq\&s uid/gid setting) without any chroot restrictions.
-username and password to connect to the module. A challenge response
++module's uid/gid setting) without any chroot restrictions.
-authentication protocol is used for this exchange. The plain text
+.IP
-usernames and passwords are stored in the file specified by the
+.SH "AUTHENTICATION STRENGTH"
-! \(dq\&secrets file\(dq\& parameter. The default is for all users to be able to
-! connect without a password (this is called \(dq\&anonymous rsync\(dq\&).
+@@ -726,8 +726,8 @@
-.IP
+.PP
-! See also the section entitled \(dq\&USING RSYNC\-DAEMON FEATURES VIA A REMOTE
+The authentication protocol used in rsync is a 128 bit MD4 based
-! SHELL CONNECTION\(dq\& in \fBrsync\fP(1) for information on how handle an
+challenge response system. This is fairly weak protection, though (with
-! rsyncd.conf\-level username that differs from the remote\-shell\-level
+-at least one brute\-force hash\-finding algorithm publicly available), so
-username when using a remote shell to connect to an rsync daemon.
+-if you want really top\-quality security, then I recommend that you run
-.IP
++at least one brute-force hash-finding algorithm publicly available), so
-.IP "\fBsecrets file\fP"
++if you want really top-quality security, then I recommend that you run
-This parameter specifies the name of
+rsync over ssh.  (Yes, a future version of rsync will switch over to a
-a file that contains the username:password pairs used for
+stronger hashing method.)
-! authenticating this module. This file is only consulted if the \(dq\&auth
+.PP
-! users\(dq\& parameter is specified. The file is line based and contains
+@@ -822,7 +822,7 @@
-username:password pairs separated by a single colon. Any line starting
+.SH "VERSION"
-with a hash (#) is considered a comment and is skipped. The passwords
-can contain any characters but be warned that many operating systems
+.PP
-limit the length of passwords that can be typed at the client end, so
+-This man page is current for version 3.0.8 of rsync.
-! you may find that passwords longer than 8 characters don\(cq\&t work.
++This man page is current for version 3.0.6 of rsync.
-.IP
+.PP
-! There is no default for the \(dq\&secrets file\(dq\& parameter, you must choose a name
+.SH "CREDITS"
-(such as \f(CW/etc/rsyncd.secrets\fP).  The file must normally not be readable
-! by \(dq\&other\(dq\&; see \(dq\&strict modes\(dq\&.
+@@ -838,7 +838,7 @@
-.IP
+.PP
-.IP "\fBstrict modes\fP"
+We would be delighted to hear from you if you like this program.
-This parameter determines whether or not
+.PP
-! the permissions on the secrets file will be checked.  If \(dq\&strict modes\(dq\& is
+-This program uses the zlib compression library written by Jean\-loup
-true, then the secrets file must not be readable by any user ID other
++This program uses the zlib compression library written by Jean-loup
-! than the one that the rsync daemon is running under.  If \(dq\&strict modes\(dq\& is
+Gailly and Mark Adler.
-false, the check is not performed.  The default is true.  This parameter
+.PP
-was added to accommodate rsync running on the Windows operating system.
+.SH "THANKS"
-.IP
-***************
-*** 482,488 ****
-.RS
-.IP o
-a dotted decimal IPv4 address of the form a.b.c.d, or an IPv6 address
-! of the form a:b:c::d:e:f. In this case the incoming machine's IP address
-must match exactly.
-.IP o
-an address/mask in the form ipaddr/n where ipaddr is the IP address
---- 482,488 ----
-.RS
-.IP o
-a dotted decimal IPv4 address of the form a.b.c.d, or an IPv6 address
-! of the form a:b:c::d:e:f. In this case the incoming machine\(cq\&s IP address
-must match exactly.
-.IP o
-an address/mask in the form ipaddr/n where ipaddr is the IP address
-***************
-*** 504,510 ****
-.RE
-.IP
-! Note IPv6 link-local addresses can have a scope in the address specification:
-.IP
-.RS
-\f(CW    fe80::1%link1\fP
---- 504,510 ----
-.RE
-.IP
-! Note IPv6 link\-local addresses can have a scope in the address specification:
-.IP
-.RS
-\f(CW    fe80::1%link1\fP
-***************
-*** 516,538 ****
-.RE
-.IP
-! You can also combine \(lqhosts allow\(rq with a separate \(lqhosts deny\(rq
-! parameter. If both parameters are specified then the \(lqhosts allow\(rq parameter is
-checked first and a match results in the client being able to
-! connect. The \(lqhosts deny\(rq parameter is then checked and a match means
-that the host is rejected. If the host does not match either the
-! \(lqhosts allow\(rq or the \(lqhosts deny\(rq patterns then it is allowed to
-connect.
-.IP
-! The default is no \(lqhosts allow\(rq parameter, which means all hosts can connect.
-.IP
-.IP "\fBhosts deny\fP"
-This parameter allows you to specify a
-list of patterns that are matched against a connecting clients
-hostname and IP address. If the pattern matches then the connection is
-! rejected. See the \(lqhosts allow\(rq parameter for more information.
-.IP
-! The default is no \(lqhosts deny\(rq parameter, which means all hosts can connect.
-.IP
-.IP "\fBignore errors\fP"
-This parameter tells rsyncd to
---- 516,538 ----
-.RE
-.IP
-! You can also combine \(dq\&hosts allow\(dq\& with a separate \(dq\&hosts deny\(dq\&
-! parameter. If both parameters are specified then the \(dq\&hosts allow\(dq\& parameter is
-checked first and a match results in the client being able to
-! connect. The \(dq\&hosts deny\(dq\& parameter is then checked and a match means
-that the host is rejected. If the host does not match either the
-! \(dq\&hosts allow\(dq\& or the \(dq\&hosts deny\(dq\& patterns then it is allowed to
-connect.
-.IP
-! The default is no \(dq\&hosts allow\(dq\& parameter, which means all hosts can connect.
-.IP
-.IP "\fBhosts deny\fP"
-This parameter allows you to specify a
-list of patterns that are matched against a connecting clients
-hostname and IP address. If the pattern matches then the connection is
-! rejected. See the \(dq\&hosts allow\(dq\& parameter for more information.
-.IP
-! The default is no \(dq\&hosts deny\(dq\& parameter, which means all hosts can connect.
-.IP
-.IP "\fBignore errors\fP"
-This parameter tells rsyncd to
-***************
-*** 546,577 ****
-.IP "\fBignore nonreadable\fP"
-This tells the rsync daemon to completely
-ignore files that are not readable by the user. This is useful for
-! public archives that may have some non-readable files among the
-! directories, and the sysadmin doesn't want those files to be seen at all.
-.IP
-.IP "\fBtransfer logging\fP"
-! This parameter enables per-file
-logging of downloads and uploads in a format somewhat similar to that
-used by ftp daemons.  The daemon always logs the transfer at the end, so
-if a transfer is aborted, no mention will be made in the log file.
-.IP
-! If you want to customize the log lines, see the \(lqlog format\(rq parameter.
-.IP
-.IP "\fBlog format\fP"
-This parameter allows you to specify the
-format used for logging file transfers when transfer logging is enabled.
-! The format is a text string containing embedded single-character escape
-sequences prefixed with a percent (%) character.  An optional numeric
-field width may also be specified between the percent and the escape
-! letter (e.g. \(lq\fB%\-50n %8l %07p\fP\(rq).
-.IP
-! The default log format is \(lq%o %h [%a] %m (%u) %f %l\(rq, and a \(lq%t [%p] \(rq
-! is always prefixed when using the \(lqlog file\(rq parameter.
-(A perl script that will summarize this default log format is included
-! in the rsync source code distribution in the \(lqsupport\(rq subdirectory:
-rsyncstats.)
-.IP
-! The single-character escapes that are understood are as follows:
-.IP
-.RS
-.IP o
---- 546,577 ----
-.IP "\fBignore nonreadable\fP"
-This tells the rsync daemon to completely
-ignore files that are not readable by the user. This is useful for
-! public archives that may have some non\-readable files among the
-! directories, and the sysadmin doesn\(cq\&t want those files to be seen at all.
-.IP
-.IP "\fBtransfer logging\fP"
-! This parameter enables per\-file
-logging of downloads and uploads in a format somewhat similar to that
-used by ftp daemons.  The daemon always logs the transfer at the end, so
-if a transfer is aborted, no mention will be made in the log file.
-.IP
-! If you want to customize the log lines, see the \(dq\&log format\(dq\& parameter.
-.IP
-.IP "\fBlog format\fP"
-This parameter allows you to specify the
-format used for logging file transfers when transfer logging is enabled.
-! The format is a text string containing embedded single\-character escape
-sequences prefixed with a percent (%) character.  An optional numeric
-field width may also be specified between the percent and the escape
-! letter (e.g. \(dq\&\fB%\-50n %8l %07p\fP\(dq\&).
-.IP
-! The default log format is \(dq\&%o %h [%a] %m (%u) %f %l\(dq\&, and a \(dq\&%t [%p] \(dq\&
-! is always prefixed when using the \(dq\&log file\(dq\& parameter.
-(A perl script that will summarize this default log format is included
-! in the rsync source code distribution in the \(dq\&support\(dq\& subdirectory:
-rsyncstats.)
-.IP
-! The single\-character escapes that are understood are as follows:
-.IP
-.RS
-.IP o
-***************
-*** 583,591 ****
-.IP o
-%c the total size of the block checksums received for the basis file (only when sending)
-.IP o
-! %f the filename (long form on sender; no trailing \(lq/\(rq)
-.IP o
-! %G the gid of the file (decimal) or \(lqDEFAULT\(rq
-.IP o
-%h the remote host name
-.IP o
---- 583,591 ----
-.IP o
-%c the total size of the block checksums received for the basis file (only when sending)
-.IP o
-! %f the filename (long form on sender; no trailing \(dq\&/\(dq\&)
-.IP o
-! %G the gid of the file (decimal) or \(dq\&DEFAULT\(dq\&
-.IP o
-%h the remote host name
-.IP o
-***************
-*** 593,607 ****
-.IP o
-%l the length of the file in bytes
-.IP o
-! %L the string \(lq \-> SYMLINK\(rq, \(lq => HARDLINK\(rq, or \(lq\(rq (where \fBSYMLINK\fP or \fBHARDLINK\fP is a filename)
-.IP o
-%m the module name
-.IP o
-! %M the last-modified time of the file
-.IP o
-! %n the filename (short form; trailing \(lq/\(rq on dir)
-.IP o
-! %o the operation, which is \(lqsend\(rq, \(lqrecv\(rq, or \(lqdel.\(rq (the latter includes the trailing period)
-.IP o
-%p the process ID of this rsync session
-.IP o
---- 593,607 ----
-.IP o
-%l the length of the file in bytes
-.IP o
-! %L the string \(dq\& \-> SYMLINK\(dq\&, \(dq\& => HARDLINK\(dq\&, or \(dq\&\(dq\& (where \fBSYMLINK\fP or \fBHARDLINK\fP is a filename)
-.IP o
-%m the module name
-.IP o
-! %M the last\-modified time of the file
-.IP o
-! %n the filename (short form; trailing \(dq\&/\(dq\& on dir)
-.IP o
-! %o the operation, which is \(dq\&send\(dq\&, \(dq\&recv\(dq\&, or \(dq\&del.\(dq\& (the latter includes the trailing period)
-.IP o
-%p the process ID of this rsync session
-.IP o
-***************
-*** 615,621 ****
-.RE
-.IP
-! For a list of what the characters mean that are output by \(lq%i\(rq, see the
-\fB\-\-itemize\-changes\fP option in the rsync manpage.
-.IP
-Note that some of the logged output changes when talking with older
---- 615,621 ----
-.RE
-.IP
-! For a list of what the characters mean that are output by \(dq\&%i\(dq\&, see the
-\fB\-\-itemize\-changes\fP option in the rsync manpage.
-.IP
-Note that some of the logged output changes when talking with older
-***************
-*** 625,631 ****
-.IP "\fBtimeout\fP"
-This parameter allows you to override the
-clients choice for I/O timeout for this module. Using this parameter you
-! can ensure that rsync won't wait on a dead client forever. The timeout
-is specified in seconds. A value of zero means no timeout and is the
-default. A good choice for anonymous rsync daemons may be 600 (giving
-a 10 minute timeout).
---- 625,631 ----
-.IP "\fBtimeout\fP"
-This parameter allows you to override the
-clients choice for I/O timeout for this module. Using this parameter you
-! can ensure that rsync won\(cq\&t wait on a dead client forever. The timeout
-is specified in seconds. A value of zero means no timeout and is the
-default. A good choice for anonymous rsync daemons may be 600 (giving
-a 10 minute timeout).
-***************
-*** 632,641 ****
-.IP
-.IP "\fBrefuse options\fP"
-This parameter allows you to
-! specify a space-separated list of rsync command line options that will
-be refused by your rsync daemon.
-! You may specify the full option name, its one-letter abbreviation, or a
-! wild-card string that matches multiple options.
-For example, this would refuse \fB\-\-checksum\fP (\fB\-c\fP) and all the various
-delete options:
-.IP
---- 632,641 ----
-.IP
-.IP "\fBrefuse options\fP"
-This parameter allows you to
-! specify a space\-separated list of rsync command line options that will
-be refused by your rsync daemon.
-! You may specify the full option name, its one\-letter abbreviation, or a
-! wild\-card string that matches multiple options.
-For example, this would refuse \fB\-\-checksum\fP (\fB\-c\fP) and all the various
-delete options:
-.IP
-***************
-*** 646,660 ****
-.IP
-The reason the above refuses all delete options is that the options imply
-\fB\-\-delete\fP, and implied options are refused just like explicit options.
-! As an additional safety feature, the refusal of \(lqdelete\(rq also refuses
-! \fBremove-source-files\fP when the daemon is the sender; if you want the latter
-! without the former, instead refuse \(lqdelete\-*\(rq \(em that refuses all the
-delete modes without affecting \fB\-\-remove\-source\-files\fP.
-.IP
-When an option is refused, the daemon prints an error message and exits.
-To prevent all compression when serving files,
-! you can use \(lqdont compress = *\(rq (see below)
-! instead of \(lqrefuse options = compress\(rq to avoid returning an error to a
-client that requests compression.
-.IP
-.IP "\fBdont compress\fP"
---- 646,660 ----
-.IP
-The reason the above refuses all delete options is that the options imply
-\fB\-\-delete\fP, and implied options are refused just like explicit options.
-! As an additional safety feature, the refusal of \(dq\&delete\(dq\& also refuses
-! \fBremove\-source\-files\fP when the daemon is the sender; if you want the latter
-! without the former, instead refuse \(dq\&delete\-*\(dq\& \-\- that refuses all the
-delete modes without affecting \fB\-\-remove\-source\-files\fP.
-.IP
-When an option is refused, the daemon prints an error message and exits.
-To prevent all compression when serving files,
-! you can use \(dq\&dont compress = *\(dq\& (see below)
-! instead of \(dq\&refuse options = compress\(dq\& to avoid returning an error to a
-client that requests compression.
-.IP
-.IP "\fBdont compress\fP"
-***************
-*** 663,687 ****
-when pulling files from the daemon (no analogous parameter exists to
-govern the pushing of files to a daemon).
-Compression is expensive in terms of CPU usage, so it
-! is usually good to not try to compress files that won't compress well,
-such as already compressed files.
-.IP
-! The \(lqdont compress\(rq parameter takes a space-separated list of
-! case-insensitive wildcard patterns. Any source filename matching one
-of the patterns will not be compressed during transfer.
-.IP
-See the \fB\-\-skip\-compress\fP parameter in the \fBrsync\fP(1) manpage for the list
-of file suffixes that are not compressed by default.  Specifying a value
-! for the \(lqdont compress\(rq parameter changes the default when the daemon is
-the sender.
-.IP
-! .IP "\fBpre-xfer exec\fP, \fBpost-xfer exec\fP"
-You may specify a command to be run
-! before and/or after the transfer.  If the \fBpre-xfer exec\fP command fails, the
-transfer is aborted before it begins.
-.IP
-The following environment variables will be set, though some are
-! specific to the pre-xfer or the post-xfer environment:
-.IP
-.RS
-.IP o
---- 663,687 ----
-when pulling files from the daemon (no analogous parameter exists to
-govern the pushing of files to a daemon).
-Compression is expensive in terms of CPU usage, so it
-! is usually good to not try to compress files that won\(cq\&t compress well,
-such as already compressed files.
-.IP
-! The \(dq\&dont compress\(dq\& parameter takes a space\-separated list of
-! case\-insensitive wildcard patterns. Any source filename matching one
-of the patterns will not be compressed during transfer.
-.IP
-See the \fB\-\-skip\-compress\fP parameter in the \fBrsync\fP(1) manpage for the list
-of file suffixes that are not compressed by default.  Specifying a value
-! for the \(dq\&dont compress\(dq\& parameter changes the default when the daemon is
-the sender.
-.IP
-! .IP "\fBpre\-xfer exec\fP, \fBpost\-xfer exec\fP"
-You may specify a command to be run
-! before and/or after the transfer.  If the \fBpre\-xfer exec\fP command fails, the
-transfer is aborted before it begins.
-.IP
-The following environment variables will be set, though some are
-! specific to the pre\-xfer or the post\-xfer environment:
-.IP
-.RS
-.IP o
-***************
-*** 689,717 ****
-.IP o
-\fBRSYNC_MODULE_PATH\fP: The path configured for the module.
-.IP o
-! \fBRSYNC_HOST_ADDR\fP: The accessing host's IP address.
-.IP o
-! \fBRSYNC_HOST_NAME\fP: The accessing host's name.
-.IP o
-! \fBRSYNC_USER_NAME\fP: The accessing user's name (empty if no user).
-.IP o
-\fBRSYNC_PID\fP: A unique number for this transfer.
-.IP o
-! \fBRSYNC_REQUEST\fP: (pre-xfer only) The module/path info specified
-by the user (note that the user can specify multiple source files,
-! so the request can be something like \(lqmod/path1 mod/path2\(rq, etc.).
-.IP o
-! \fBRSYNC_ARG#\fP: (pre-xfer only) The pre-request arguments are set
-! in these numbered values. RSYNC_ARG0 is always \(lqrsyncd\(rq, and the last
-value contains a single period.
-.IP o
-! \fBRSYNC_EXIT_STATUS\fP: (post-xfer only) the server side's exit value.
-This will be 0 for a successful run, a positive value for an error that the
-server generated, or a \-1 if rsync failed to exit properly.  Note that an
-error that occurs on the client side does not currently get sent to the
-server side, so this is not the final exit status for the whole transfer.
-.IP o
-! \fBRSYNC_RAW_STATUS\fP: (post-xfer only) the raw exit value from
-\f(CWwaitpid()\fP
-\&.
-.RE
---- 689,717 ----
-.IP o
-\fBRSYNC_MODULE_PATH\fP: The path configured for the module.
-.IP o
-! \fBRSYNC_HOST_ADDR\fP: The accessing host\(cq\&s IP address.
-.IP o
-! \fBRSYNC_HOST_NAME\fP: The accessing host\(cq\&s name.
-.IP o
-! \fBRSYNC_USER_NAME\fP: The accessing user\(cq\&s name (empty if no user).
-.IP o
-\fBRSYNC_PID\fP: A unique number for this transfer.
-.IP o
-! \fBRSYNC_REQUEST\fP: (pre\-xfer only) The module/path info specified
-by the user (note that the user can specify multiple source files,
-! so the request can be something like \(dq\&mod/path1 mod/path2\(dq\&, etc.).
-.IP o
-! \fBRSYNC_ARG#\fP: (pre\-xfer only) The pre\-request arguments are set
-! in these numbered values. RSYNC_ARG0 is always \(dq\&rsyncd\(dq\&, and the last
-value contains a single period.
-.IP o
-! \fBRSYNC_EXIT_STATUS\fP: (post\-xfer only) the server side\(cq\&s exit value.
-This will be 0 for a successful run, a positive value for an error that the
-server generated, or a \-1 if rsync failed to exit properly.  Note that an
-error that occurs on the client side does not currently get sent to the
-server side, so this is not the final exit status for the whole transfer.
-.IP o
-! \fBRSYNC_RAW_STATUS\fP: (post\-xfer only) the raw exit value from
-\f(CWwaitpid()\fP
-\&.
-.RE
-***************
-*** 719,725 ****
-.IP
-Even though the commands can be associated with a particular module, they
-are run using the permissions of the user that started the daemon (not the
-! module's uid/gid setting) without any chroot restrictions.
-.IP
-.SH "AUTHENTICATION STRENGTH"
---- 719,725 ----
-.IP
-Even though the commands can be associated with a particular module, they
-are run using the permissions of the user that started the daemon (not the
-! module\(cq\&s uid/gid setting) without any chroot restrictions.
-.IP
-.SH "AUTHENTICATION STRENGTH"
-***************
-*** 726,733 ****
-.PP
-The authentication protocol used in rsync is a 128 bit MD4 based
-challenge response system. This is fairly weak protection, though (with
-! at least one brute-force hash-finding algorithm publicly available), so
-! if you want really top-quality security, then I recommend that you run
-rsync over ssh.  (Yes, a future version of rsync will switch over to a
-stronger hashing method.)
-.PP
---- 726,733 ----
-.PP
-The authentication protocol used in rsync is a 128 bit MD4 based
-challenge response system. This is fairly weak protection, though (with
-! at least one brute\-force hash\-finding algorithm publicly available), so
-! if you want really top\-quality security, then I recommend that you run
-rsync over ssh.  (Yes, a future version of rsync will switch over to a
-stronger hashing method.)
-.PP
-***************
-*** 822,828 ****
-.SH "VERSION"
-.PP
-! This man page is current for version 3.0.6 of rsync.
-.PP
-.SH "CREDITS"
---- 822,828 ----
-.SH "VERSION"
-.PP
-! This man page is current for version 3.0.8 of rsync.
-.PP
-.SH "CREDITS"
-***************
-*** 838,844 ****
-.PP
-We would be delighted to hear from you if you like this program.
-.PP
-! This program uses the zlib compression library written by Jean-loup
-Gailly and Mark Adler.
-.PP
-.SH "THANKS"
---- 838,844 ----
-.PP
-We would be delighted to hear from you if you like this program.
-.PP
-! This program uses the zlib compression library written by Jean\-loup
-Gailly and Mark Adler.
-.PP
-.SH "THANKS"

changeset 297	3940bc347ca8
parent 296	464763778976
child 1351	5c589218fa09