cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openbsd-ports/net/rsync/patches/patch-rsyncd_conf_5
naddy 73f2e7d414 Update to 3.1.2: This is a bug-fix release. It includes a security 
fix for a transfer from a sender that you don't fully trust.

Originally gonzalo@ submitted a broken update to espie@ who passed
it around and then everybody forgot.
2016-01-10 21:36:22 +00:00

81 lines
3.4 KiB
Plaintext
Raw Blame History

$OpenBSD: patch-rsyncd_conf_5,v 1.6 2016/01/10 21:36:22 naddy Exp $
--- rsyncd.conf.5.orig Mon Dec 21 21:20:56 2015
+++ rsyncd.conf.5 Tue Dec 22 21:23:23 2015
@@ -68,12 +68,11 @@ When run via inetd you should add a line like this to
and a single line something like this to /etc/inetd.conf:
.PP
.nf
- rsync stream tcp nowait root /usr/bin/rsync rsyncd \-\-daemon
+ rsync stream tcp nowait root ${PREFIX}/bin/rsync rsyncd \-\-daemon
.fi
.PP
-Replace \(dq\&/usr/bin/rsync\(dq\& with the path to where you have rsync installed on
-your system. You will then need to send inetd a HUP signal to tell it to
+You will then need to send inetd a HUP signal to tell it to
reread its config file.
.PP
Note that you should \fBnot\fP send the rsync daemon a HUP signal to force
@@ -405,7 +404,7 @@ This parameter specifies the user name or user ID that
file transfers to and from that module should take place as when the daemon
was run as root. In combination with the \(dq\&gid\(dq\& parameter this determines what
file permissions are available. The default when run by a super\-user is to
-switch to the system\(cq\&s \(dq\&nobody\(dq\& user. The default for a non\-super\-user is to
+switch to the system\(cq\&s \(dq\&_rsync\(dq\& user. The default for a non\-super\-user is to
not try to change the user. See also the \(dq\&gid\(dq\& parameter.
.IP
The RSYNC_USER_NAME environment variable may be used to request that rsync run
@@ -424,7 +423,7 @@ used when accessing the module. The first one will be
any extra ones be set as supplemental groups. You may also specify a \(dq\&*\(dq\& as
the first gid in the list, which will be replaced by all the normal groups for
the transfer\(cq\&s user (see \(dq\&uid\(dq\&). The default when run by a super\-user is to
-switch to your OS\(cq\&s \(dq\&nobody\(dq\& (or perhaps \(dq\&nogroup\(dq\&) group with no other
+switch to the \(dq\&_rsync\(dq\& group with no other
supplementary groups. The default for a non\-super\-user is to not change any
group attributes (and indeed, your OS may not allow a non\-super\-user to try to
change their group settings).
@@ -584,7 +583,7 @@ require that you specify a group password if you do no
passwords.
.IP
There is no default for the \(dq\&secrets file\(dq\& parameter, you must choose a name
-(such as \f(CW/etc/rsyncd.secrets\fP). The file must normally not be readable
+(such as \f(CW${SYSCONFDIR}/rsyncd.secrets\fP). The file must normally not be readable
by \(dq\&other\(dq\&; see \(dq\&strict modes\(dq\&. If the file is not found or is rejected, no
logins for a \(dq\&user auth\(dq\& module will be possible.
.IP
@@ -985,8 +984,8 @@ A more sophisticated example would be:
.PP
.nf
-uid = nobody
-gid = nobody
+uid = _rsync
+gid = _rsync
use chroot = yes
max connections = 4
syslog facility = local5
@@ -1012,12 +1011,12 @@ pid file = /var/run/rsyncd.pid
path = /data/cvs
comment = CVS repository (requires authentication)
auth users = tridge, susan
- secrets file = /etc/rsyncd.secrets
+ secrets file = ${SYSCONFDIR}/rsyncd.secrets
.fi
.PP
-The /etc/rsyncd.secrets file would look something like this:
+The ${SYSCONFDIR}/rsyncd.secrets file would look something like this:
.PP
.RS
\f(CWtridge:mypass\fP
@@ -1030,7 +1029,7 @@ The /etc/rsyncd.secrets file would look something like
.SH "FILES"
.PP
-/etc/rsyncd.conf or rsyncd.conf
+${SYSCONFDIR}/rsyncd.conf or rsyncd.conf
.PP
.SH "SEE ALSO"
Reference in New Issue View Git Blame Copy Permalink