summaryrefslogtreecommitdiffstats
path: root/rsyncd.conf.5.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 16:14:31 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 16:14:31 +0000
commit2d5707c7479eacb3b1ad98e01b53f56a88f8fb78 (patch)
treed9c334e83692851c02e3e1b8e65570c97bc82481 /rsyncd.conf.5.html
parentInitial commit. (diff)
downloadrsync-2d5707c7479eacb3b1ad98e01b53f56a88f8fb78.tar.xz
rsync-2d5707c7479eacb3b1ad98e01b53f56a88f8fb78.zip
Adding upstream version 3.2.7.upstream/3.2.7
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'rsyncd.conf.5.html')
-rw-r--r--rsyncd.conf.5.html1205
1 files changed, 1205 insertions, 0 deletions
diff --git a/rsyncd.conf.5.html b/rsyncd.conf.5.html
new file mode 100644
index 0000000..02f67ed
--- /dev/null
+++ b/rsyncd.conf.5.html
@@ -0,0 +1,1205 @@
+<html><head>
+<title>rsyncd.conf(5) manpage</title>
+<meta charset="UTF-8"/>
+<link href="https://fonts.googleapis.com/css2?family=Roboto&family=Roboto+Mono&display=swap" rel="stylesheet">
+<style>
+body {
+ max-width: 50em;
+ margin: auto;
+}
+body, b, strong, u {
+ font-family: 'Roboto', sans-serif;
+}
+a.tgt { font-face: symbol; font-weight: 400; font-size: 70%; visibility: hidden; text-decoration: none; color: #ddd; padding: 0 4px; border: 0; }
+a.tgt:after { content: '🔗'; }
+a.tgt:hover { color: #444; background-color: #eaeaea; }
+h1:hover > a.tgt, h2:hover > a.tgt, h3:hover > a.tgt, dt:hover > a.tgt { visibility: visible; }
+code {
+ font-family: 'Roboto Mono', monospace;
+ font-weight: bold;
+ white-space: pre;
+}
+pre code {
+ display: block;
+ font-weight: normal;
+}
+blockquote pre code {
+ background: #f1f1f1;
+}
+dd p:first-of-type {
+ margin-block-start: 0em;
+}
+</style>
+</head><body>
+<h2 id="NAME">NAME<a href="#NAME" class="tgt"></a></h2>
+<p>rsyncd.conf -&#8288; configuration file for rsync in daemon mode</p>
+<h2 id="SYNOPSIS">SYNOPSIS<a href="#SYNOPSIS" class="tgt"></a></h2>
+<p>rsyncd.conf</p>
+<p>The online version of this manpage (that includes cross-linking of topics)
+is available at <a href="https://download.samba.org/pub/rsync/rsyncd.conf.5">https://download.samba.org/pub/rsync/rsyncd.conf.5</a>.</p>
+<h2 id="DESCRIPTION">DESCRIPTION<a href="#DESCRIPTION" class="tgt"></a></h2>
+<p>The rsyncd.conf file is the runtime configuration file for rsync when run as an
+rsync daemon.</p>
+<p>The rsyncd.conf file controls authentication, access, logging and available
+modules.</p>
+<h2 id="FILE_FORMAT">FILE FORMAT<a href="#FILE_FORMAT" class="tgt"></a></h2>
+<p>The file consists of modules and parameters. A module begins with the name of
+the module in square brackets and continues until the next module begins.
+Modules contain parameters of the form <code>name = value</code>.</p>
+<p>The file is line-based&nbsp;-&#8288;-&#8288; that is, each newline-terminated line represents
+either a comment, a module name or a parameter.</p>
+<p>Only the first equals sign in a parameter is significant. Whitespace before or
+after the first equals sign is discarded. Leading, trailing and internal
+whitespace in module and parameter names is irrelevant. Leading and trailing
+whitespace in a parameter value is discarded. Internal whitespace within a
+parameter value is retained verbatim.</p>
+<p>Any line <strong>beginning</strong> with a hash (<code>#</code>) is ignored, as are lines containing
+only whitespace. (If a hash occurs after anything other than leading
+whitespace, it is considered a part of the line's content.)</p>
+<p>Any line ending in a <code>\</code> is &quot;continued&quot; on the next line in the customary UNIX
+fashion.</p>
+<p>The values following the equals sign in parameters are all either a string (no
+quotes needed) or a boolean, which may be given as yes/no, 0/1 or true/false.
+Case is not significant in boolean values, but is preserved in string values.</p>
+<h2 id="LAUNCHING_THE_RSYNC_DAEMON">LAUNCHING THE RSYNC DAEMON<a href="#LAUNCHING_THE_RSYNC_DAEMON" class="tgt"></a></h2>
+<p>The rsync daemon is launched by specifying the <code>--daemon</code> option to rsync.</p>
+<p>The daemon must run with root privileges if you wish to use chroot, to bind to
+a port numbered under 1024 (as is the default 873), or to set file ownership.
+Otherwise, it must just have permission to read and write the appropriate data,
+log, and lock files.</p>
+<p>You can launch it either via inetd, as a stand-alone daemon, or from an rsync
+client via a remote shell. If run as a stand-alone daemon then just run the
+command &quot;<code>rsync --daemon</code>&quot; from a suitable startup script.</p>
+<p>When run via inetd you should add a line like this to /etc/services:</p>
+<blockquote>
+<pre><code>rsync 873/tcp
+</code></pre>
+</blockquote>
+<p>and a single line something like this to /etc/inetd.conf:</p>
+<blockquote>
+<pre><code>rsync stream tcp nowait root /usr/bin/rsync rsyncd --daemon
+</code></pre>
+</blockquote>
+<p>Replace &quot;/usr/bin/rsync&quot; with the path to where you have rsync installed on
+your system. You will then need to send inetd a HUP signal to tell it to
+reread its config file.</p>
+<p>Note that you should <strong>not</strong> send the rsync daemon a HUP signal to force it to
+reread the <code>rsyncd.conf</code> file. The file is re-read on each client connection.</p>
+<h2 id="GLOBAL_PARAMETERS">GLOBAL PARAMETERS<a href="#GLOBAL_PARAMETERS" class="tgt"></a></h2>
+<p>The first parameters in the file (before a [module] header) are the global
+parameters. Rsync also allows for the use of a &quot;[global]&quot; module name to
+indicate the start of one or more global-parameter sections (the name must be
+lower case).</p>
+<p>You may also include any module parameters in the global part of the config
+file in which case the supplied value will override the default for that
+parameter.</p>
+<p>You may use references to environment variables in the values of parameters.
+String parameters will have %VAR% references expanded as late as possible (when
+the string is first used in the program), allowing for the use of variables
+that rsync sets at connection time, such as RSYNC_USER_NAME. Non-string
+parameters (such as true/false settings) are expanded when read from the config
+file. If a variable does not exist in the environment, or if a sequence of
+characters is not a valid reference (such as an un-paired percent sign), the
+raw characters are passed through unchanged. This helps with backward
+compatibility and safety (e.g. expanding a non-existent %VAR% to an empty
+string in a path could result in a very unsafe path). The safest way to insert
+a literal % into a value is to use %%.</p>
+<dl>
+
+<dt id="motd_file"><code>motd file</code><a href="#motd_file" class="tgt"></a></dt><dd>
+<p>This parameter allows you to specify a &quot;message of the day&quot; (MOTD) to display
+to clients on each connect. This usually contains site information and any
+legal notices. The default is no MOTD file. This can be overridden by the
+<code>--dparam=motdfile=FILE</code> command-line option when starting the daemon.</p>
+</dd>
+
+<dt id="pid_file"><code>pid file</code><a href="#pid_file" class="tgt"></a></dt><dd>
+<p>This parameter tells the rsync daemon to write its process ID to that file.
+The rsync keeps the file locked so that it can know when it is safe to
+overwrite an existing file.</p>
+<p>The filename can be overridden by the <code>--dparam=pidfile=FILE</code> command-line
+option when starting the daemon.</p>
+</dd>
+
+<dt id="port"><code>port</code><a href="#port" class="tgt"></a></dt><dd>
+<p>You can override the default port the daemon will listen on by specifying
+this value (defaults to 873). This is ignored if the daemon is being run
+by inetd, and is superseded by the <code>--port</code> command-line option.</p>
+</dd>
+
+<dt id="address"><code>address</code><a href="#address" class="tgt"></a></dt><dd>
+<p>You can override the default IP address the daemon will listen on by
+specifying this value. This is ignored if the daemon is being run by
+inetd, and is superseded by the <code>--address</code> command-line option.</p>
+</dd>
+
+<dt id="socket_options"><code>socket options</code><a href="#socket_options" class="tgt"></a></dt><dd>
+<p>This parameter can provide endless fun for people who like to tune their
+systems to the utmost degree. You can set all sorts of socket options which
+may make transfers faster (or slower!). Read the manpage for the
+<strong>setsockopt()</strong> system call for details on some of the options you may be
+able to set. By default no special socket options are set. These settings
+can also be specified via the <code>--sockopts</code> command-line option.</p>
+</dd>
+
+<dt id="listen_backlog"><code>listen backlog</code><a href="#listen_backlog" class="tgt"></a></dt><dd>
+<p>You can override the default backlog value when the daemon listens for
+connections. It defaults to 5.</p>
+</dd>
+</dl>
+<h2 id="MODULE_PARAMETERS">MODULE PARAMETERS<a href="#MODULE_PARAMETERS" class="tgt"></a></h2>
+<p>After the global parameters you should define a number of modules, each module
+exports a directory tree as a symbolic name. Modules are exported by specifying
+a module name in square brackets [module] followed by the parameters for that
+module. The module name cannot contain a slash or a closing square bracket.
+If the name contains whitespace, each internal sequence of whitespace will be
+changed into a single space, while leading or trailing whitespace will be
+discarded. Also, the name cannot be &quot;global&quot; as that exact name indicates that
+global parameters follow (see above).</p>
+<p>As with GLOBAL PARAMETERS, you may use references to environment variables in
+the values of parameters. See the GLOBAL PARAMETERS section for more details.</p>
+<dl>
+
+<dt id="comment"><code>comment</code><a href="#comment" class="tgt"></a></dt><dd>
+<p>This parameter specifies a description string that is displayed next to the
+module name when clients obtain a list of available modules. The default is
+no comment.</p>
+</dd>
+
+<dt id="path"><code>path</code><a href="#path" class="tgt"></a></dt><dd>
+<p>This parameter specifies the directory in the daemon's filesystem to make
+available in this module. You must specify this parameter for each module
+in <code>rsyncd.conf</code>.</p>
+<p>If the value contains a &quot;/./&quot; element then the path will be divided at that
+point into a chroot dir and an inner-chroot subdir. If <a href="#use_chroot"><code>use chroot</code></a>
+is set to false, though, the extraneous dot dir is just cleaned out of the
+path. An example of this idiom is:</p>
+<blockquote>
+<pre><code>path = /var/rsync/./module1
+</code></pre>
+</blockquote>
+<p>This will (when chrooting) chroot to &quot;/var/rsync&quot; and set the inside-chroot
+path to &quot;/module1&quot;.</p>
+<p>You may base the path's value off of an environment variable by surrounding
+the variable name with percent signs. You can even reference a variable
+that is set by rsync when the user connects. For example, this would use
+the authorizing user's name in the path:</p>
+<blockquote>
+<pre><code>path = /home/%RSYNC_USER_NAME%
+</code></pre>
+</blockquote>
+<p>It is fine if the path includes internal spaces&nbsp;-&#8288;-&#8288; they will be retained
+verbatim (which means that you shouldn't try to escape them). If your
+final directory has a trailing space (and this is somehow not something you
+wish to fix), append a trailing slash to the path to avoid losing the
+trailing whitespace.</p>
+</dd>
+
+<dt id="use_chroot"><code>use chroot</code><a href="#use_chroot" class="tgt"></a></dt><dd>
+<p>If &quot;use chroot&quot; is true, the rsync daemon will chroot to the &quot;<a href="#path">path</a>&quot; before
+starting the file transfer with the client. This has the advantage of
+extra protection against possible implementation security holes, but it has
+the disadvantages of requiring super-user privileges, of not being able to
+follow symbolic links that are either absolute or outside of the new root
+path, and of complicating the preservation of users and groups by name (see
+below).</p>
+<p>If <code>use chroot</code> is not set, it defaults to trying to enable a chroot but
+allows the daemon to continue (after logging a warning) if it fails. The
+one exception to this is when a module's <a href="#path"><code>path</code></a> has a &quot;/./&quot; chroot
+divider in it&nbsp;-&#8288;-&#8288; this causes an unset value to be treated as true for that
+module.</p>
+<p>Prior to rsync 3.2.7, the default value was &quot;true&quot;. The new &quot;unset&quot;
+default makes it easier to setup an rsync daemon as a non-root user or to
+run a daemon on a system where chroot fails. Explicitly setting the value
+to &quot;true&quot; in rsyncd.conf will always require the chroot to succeed.</p>
+<p>It is also possible to specify a dot-dir in the module's &quot;<a href="#path">path</a>&quot; to
+indicate that you want to chdir to the earlier part of the path and then
+serve files from inside the latter part of the path (with sanitizing and
+default symlink munging). This can be useful if you need some library dirs
+inside the chroot (typically for uid &amp; gid lookups) but don't want to put
+the lib dir into the top of the served path (even though they can be hidden
+with an <a href="#exclude"><code>exclude</code></a> directive). However, a better choice for a modern
+rsync setup is to use a <a href="#name_converter"><code>name converter</code></a>&quot; and try to avoid inner lib
+dirs altogether. See also the <a href="#daemon_chroot"><code>daemon chroot</code></a> parameter, which causes
+rsync to chroot into its own chroot area before doing any path-related
+chrooting.</p>
+<p>If the daemon is serving the &quot;/&quot; dir (either directly or due to being
+chrooted to the module's path), rsync does not do any path sanitizing or
+(default) munging.</p>
+<p>When it has to limit access to a particular subdir (either due to chroot
+being disabled or having an inside-chroot path set), rsync will munge
+symlinks (by default) and sanitize paths. Those that dislike munged
+symlinks (and really, really trust their users to not break out of the
+subdir) can disable the symlink munging via the &quot;<a href="#munge_symlinks">munge symlinks</a>&quot;
+parameter.</p>
+<p>When rsync is sanitizing paths, it trims &quot;..&quot; path elements from args that
+it believes would escape the module hierarchy. It also substitutes leading
+slashes in absolute paths with the module's path (so that options such as
+<code>--backup-dir</code> &amp; <code>--compare-dest</code> interpret an absolute path as rooted in
+the module's &quot;<a href="#path">path</a>&quot; dir).</p>
+<p>When a chroot is in effect <u>and</u> the &quot;<a href="#name_converter">name converter</a>&quot; parameter is
+<u>not</u> set, the &quot;<a href="#numeric_ids">numeric ids</a>&quot; parameter will default to being enabled
+(disabling name lookups). This means that if you manually setup
+name-lookup libraries in your chroot (instead of using a name converter)
+that you need to explicitly set <code>numeric ids = false</code> for rsync to do name
+lookups.</p>
+<p>If you copy library resources into the module's chroot area, you should
+protect them through your OS's normal user/group or ACL settings (to
+prevent the rsync module's user from being able to change them), and then
+hide them from the user's view via &quot;<a href="#exclude">exclude</a>&quot; (see how in the discussion of
+that parameter). However, it's easier and safer to setup a name converter.</p>
+</dd>
+
+<dt id="daemon_chroot"><code>daemon chroot</code><a href="#daemon_chroot" class="tgt"></a></dt><dd>
+<p>This parameter specifies a path to which the daemon will chroot before
+beginning communication with clients. Module paths (and any &quot;<a href="#use_chroot">use chroot</a>&quot;
+settings) will then be related to this one. This lets you choose if you
+want the whole daemon to be chrooted (with this setting), just the
+transfers to be chrooted (with &quot;<a href="#use_chroot">use chroot</a>&quot;), or both. Keep in mind that
+the &quot;daemon chroot&quot; area may need various OS/lib/etc files installed to
+allow the daemon to function. By default the daemon runs without any
+chrooting.</p>
+</dd>
+
+<dt id="proxy_protocol"><code>proxy protocol</code><a href="#proxy_protocol" class="tgt"></a></dt><dd>
+<p>When this parameter is enabled, all incoming connections must start with a
+V1 or V2 proxy protocol header. If the header is not found, the connection
+is closed.</p>
+<p>Setting this to <code>true</code> requires a proxy server to forward source IP
+information to rsync, allowing you to log proper IP/host info and make use
+of client-oriented IP restrictions. The default of <code>false</code> means that the
+IP information comes directly from the socket's metadata. If rsync is not
+behind a proxy, this should be disabled.</p>
+<p><u>CAUTION</u>: using this option can be dangerous if you do not ensure that
+only the proxy is allowed to connect to the rsync port. If any non-proxied
+connections are allowed through, the client will be able to use a modified
+rsync to spoof any remote IP address that they desire. You can lock this
+down using something like iptables <code>-uid-owner root</code> rules (for strict
+localhost access), various firewall rules, or you can require password
+authorization so that any spoofing by users will not grant extra access.</p>
+<p>This setting is global. If you need some modules to require this and not
+others, then you will need to setup multiple rsync daemon processes on
+different ports.</p>
+</dd>
+
+<dt id="name_converter"><code>name converter</code><a href="#name_converter" class="tgt"></a></dt><dd>
+<p>This parameter lets you specify a program that will be run by the rsync
+daemon to do user &amp; group conversions between names &amp; ids. This script
+is started prior to any chroot being setup, and runs as the daemon user
+(not the transfer user). You can specify a fully qualified pathname or
+a program name that is on the $PATH.</p>
+<p>The program can be used to do normal user &amp; group lookups without having to
+put any extra files into the chroot area of the module <u>or</u> you can do
+customized conversions.</p>
+<p>The nameconvert program has access to all of the environment variables that
+are described in the section on <code>pre-xfer exec</code>. This is useful if you
+want to customize the conversion using information about the module and/or
+the copy request.</p>
+<p>There is a sample python script in the support dir named &quot;nameconvert&quot; that
+implements the normal user &amp; group lookups. Feel free to customize it or
+just use it as documentation to implement your own.</p>
+</dd>
+
+<dt id="numeric_ids"><code>numeric ids</code><a href="#numeric_ids" class="tgt"></a></dt><dd>
+<p>Enabling this parameter disables the mapping of users and groups by name
+for the current daemon module. This prevents the daemon from trying to
+load any user/group-related files or libraries. This enabling makes the
+transfer behave as if the client had passed the <code>--numeric-ids</code>
+command-line option. By default, this parameter is enabled for chroot
+modules and disabled for non-chroot modules. Also keep in mind that
+uid/gid preservation requires the module to be running as root (see &quot;<a href="#uid">uid</a>&quot;)
+or for &quot;<a href="#fake_super">fake super</a>&quot; to be configured.</p>
+<p>A chroot-enabled module should not have this parameter set to false unless
+you're using a &quot;<a href="#name_converter">name converter</a>&quot; program <u>or</u> you've taken steps to ensure
+that the module has the necessary resources it needs to translate names and
+that it is not possible for a user to change those resources.</p>
+</dd>
+
+<dt id="munge_symlinks"><code>munge symlinks</code><a href="#munge_symlinks" class="tgt"></a></dt><dd>
+<p>This parameter tells rsync to modify all symlinks in the same way as the
+(non-daemon-affecting) <code>--munge-links</code> command-line option (using a method
+described below). This should help protect your files from user trickery
+when your daemon module is writable. The default is disabled when
+&quot;<a href="#use_chroot">use chroot</a>&quot; is on with an inside-chroot path of &quot;/&quot;, OR if &quot;<a href="#daemon_chroot">daemon chroot</a>&quot;
+is on, otherwise it is enabled.</p>
+<p>If you disable this parameter on a daemon that is not read-only, there are
+tricks that a user can play with uploaded symlinks to access
+daemon-excluded items (if your module has any), and, if &quot;<a href="#use_chroot">use chroot</a>&quot; is
+off, rsync can even be tricked into showing or changing data that is
+outside the module's path (as access-permissions allow).</p>
+<p>The way rsync disables the use of symlinks is to prefix each one with the
+string &quot;/rsyncd-munged/&quot;. This prevents the links from being used as long
+as that directory does not exist. When this parameter is enabled, rsync
+will refuse to run if that path is a directory or a symlink to a directory.
+When using the &quot;munge symlinks&quot; parameter in a chroot area that has an
+inside-chroot path of &quot;/&quot;, you should add &quot;/rsyncd-munged/&quot; to the exclude
+setting for the module so that a user can't try to create it.</p>
+<p>Note: rsync makes no attempt to verify that any pre-existing symlinks in
+the module's hierarchy are as safe as you want them to be (unless, of
+course, it just copied in the whole hierarchy). If you setup an rsync
+daemon on a new area or locally add symlinks, you can manually protect your
+symlinks from being abused by prefixing &quot;/rsyncd-munged/&quot; to the start of
+every symlink's value. There is a perl script in the support directory of
+the source code named &quot;munge-symlinks&quot; that can be used to add or remove
+this prefix from your symlinks.</p>
+<p>When this parameter is disabled on a writable module and &quot;<a href="#use_chroot">use chroot</a>&quot; is
+off (or the inside-chroot path is not &quot;/&quot;), incoming symlinks will be
+modified to drop a leading slash and to remove &quot;..&quot; path elements that
+rsync believes will allow a symlink to escape the module's hierarchy.
+There are tricky ways to work around this, though, so you had better trust
+your users if you choose this combination of parameters.</p>
+</dd>
+
+<dt id="charset"><code>charset</code><a href="#charset" class="tgt"></a></dt><dd>
+<p>This specifies the name of the character set in which the module's
+filenames are stored. If the client uses an <code>--iconv</code> option, the daemon
+will use the value of the &quot;charset&quot; parameter regardless of the character
+set the client actually passed. This allows the daemon to support charset
+conversion in a chroot module without extra files in the chroot area, and
+also ensures that name-translation is done in a consistent manner. If the
+&quot;charset&quot; parameter is not set, the <code>--iconv</code> option is refused, just as if
+&quot;iconv&quot; had been specified via &quot;<a href="#refuse_options">refuse options</a>&quot;.</p>
+<p>If you wish to force users to always use <code>--iconv</code> for a particular module,
+add &quot;no-iconv&quot; to the &quot;<a href="#refuse_options">refuse options</a>&quot; parameter. Keep in mind that this
+will restrict access to your module to very new rsync clients.</p>
+</dd>
+
+<dt id="max_connections"><code>max connections</code><a href="#max_connections" class="tgt"></a></dt><dd>
+<p>This parameter allows you to specify the maximum number of simultaneous
+connections you will allow. Any clients connecting when the maximum has
+been reached will receive a message telling them to try later. The default
+is 0, which means no limit. A negative value disables the module. See
+also the &quot;<a href="#lock_file">lock file</a>&quot; parameter.</p>
+</dd>
+
+<dt id="log_file"><code>log file</code><a href="#log_file" class="tgt"></a></dt><dd>
+<p>When the &quot;log file&quot; parameter is set to a non-empty string, the rsync
+daemon will log messages to the indicated file rather than using syslog.
+This is particularly useful on systems (such as AIX) where <strong>syslog()</strong>
+doesn't work for chrooted programs. The file is opened before <strong>chroot()</strong>
+is called, allowing it to be placed outside the transfer. If this value is
+set on a per-module basis instead of globally, the global log will still
+contain any authorization failures or config-file error messages.</p>
+<p>If the daemon fails to open the specified file, it will fall back to using
+syslog and output an error about the failure. (Note that the failure to
+open the specified log file used to be a fatal error.)</p>
+<p>This setting can be overridden by using the <code>--log-file=FILE</code> or
+<code>--dparam=logfile=FILE</code> command-line options. The former overrides all the
+log-file parameters of the daemon and all module settings. The latter sets
+the daemon's log file and the default for all the modules, which still
+allows modules to override the default setting.</p>
+</dd>
+
+<dt id="syslog_facility"><code>syslog facility</code><a href="#syslog_facility" class="tgt"></a></dt><dd>
+<p>This parameter allows you to specify the syslog facility name to use when
+logging messages from the rsync daemon. You may use any standard syslog
+facility name which is defined on your system. Common names are auth,
+authpriv, cron, daemon, ftp, kern, lpr, mail, news, security, syslog, user,
+uucp, local0, local1, local2, local3, local4, local5, local6 and local7.
+The default is daemon. This setting has no effect if the &quot;<a href="#log_file">log file</a>&quot;
+setting is a non-empty string (either set in the per-modules settings, or
+inherited from the global settings).</p>
+</dd>
+
+<dt id="syslog_tag"><code>syslog tag</code><a href="#syslog_tag" class="tgt"></a></dt><dd>
+<p>This parameter allows you to specify the syslog tag to use when logging
+messages from the rsync daemon. The default is &quot;rsyncd&quot;. This setting has
+no effect if the &quot;<a href="#log_file">log file</a>&quot; setting is a non-empty string (either set in
+the per-modules settings, or inherited from the global settings).</p>
+<p>For example, if you wanted each authenticated user's name to be included in
+the syslog tag, you could do something like this:</p>
+<blockquote>
+<pre><code>syslog tag = rsyncd.%RSYNC_USER_NAME%
+</code></pre>
+</blockquote>
+</dd>
+
+<dt id="max_verbosity"><code>max verbosity</code><a href="#max_verbosity" class="tgt"></a></dt><dd>
+<p>This parameter allows you to control the maximum amount of verbose
+information that you'll allow the daemon to generate (since the information
+goes into the log file). The default is 1, which allows the client to
+request one level of verbosity.</p>
+<p>This also affects the user's ability to request higher levels of <code>--info</code>
+and <code>--debug</code> logging. If the max value is 2, then no info and/or debug
+value that is higher than what would be set by <code>-vv</code> will be honored by the
+daemon in its logging. To see how high of a verbosity level you need to
+accept for a particular info/debug level, refer to <code>rsync --info=help</code> and
+<code>rsync --debug=help</code>. For instance, it takes max-verbosity 4 to be able to
+output debug TIME2 and FLIST3.</p>
+</dd>
+
+<dt id="lock_file"><code>lock file</code><a href="#lock_file" class="tgt"></a></dt><dd>
+<p>This parameter specifies the file to use to support the &quot;<a href="#max_connections">max connections</a>&quot;
+parameter. The rsync daemon uses record locking on this file to ensure that
+the max connections limit is not exceeded for the modules sharing the lock
+file. The default is <code>/var/run/rsyncd.lock</code>.</p>
+</dd>
+
+<dt id="read_only"><code>read only</code><a href="#read_only" class="tgt"></a></dt><dd>
+<p>This parameter determines whether clients will be able to upload files or
+not. If &quot;read only&quot; is true then any attempted uploads will fail. If
+&quot;read only&quot; is false then uploads will be possible if file permissions on
+the daemon side allow them. The default is for all modules to be read only.</p>
+<p>Note that &quot;<a href="#auth_users">auth users</a>&quot; can override this setting on a per-user basis.</p>
+</dd>
+
+<dt id="write_only"><code>write only</code><a href="#write_only" class="tgt"></a></dt><dd>
+<p>This parameter determines whether clients will be able to download files or
+not. If &quot;write only&quot; is true then any attempted downloads will fail. If
+&quot;write only&quot; is false then downloads will be possible if file permissions
+on the daemon side allow them. The default is for this parameter to be
+disabled.</p>
+<p>Helpful hint: you probably want to specify &quot;refuse options = delete&quot; for a
+write-only module.</p>
+</dd>
+
+<dt id="open_noatime"><code>open noatime</code><a href="#open_noatime" class="tgt"></a></dt><dd>
+<p>When set to True, this parameter tells the rsync daemon to open files with
+the O_NOATIME flag
+(on systems that support it) to avoid changing the access time of the files
+that are being transferred. If your OS does not support the O_NOATIME flag
+then rsync will silently ignore this option. Note also that some
+filesystems are mounted to avoid updating the atime on read access even
+without the O_NOATIME flag being set.</p>
+<p>When set to False, this parameters ensures that files on the server are not
+opened with O_NOATIME.</p>
+<p>When set to Unset (the default) the user controls the setting via
+<code>--open-noatime</code>.</p>
+</dd>
+
+<dt id="list"><code>list</code><a href="#list" class="tgt"></a></dt><dd>
+<p>This parameter determines whether this module is listed when the client
+asks for a listing of available modules. In addition, if this is false,
+the daemon will pretend the module does not exist when a client denied by
+&quot;<a href="#hosts_allow">hosts allow</a>&quot; or &quot;<a href="#hosts_deny">hosts deny</a>&quot; attempts to access it. Realize that if
+&quot;<a href="#reverse_lookup">reverse lookup</a>&quot; is disabled globally but enabled for the module, the
+resulting reverse lookup to a potentially client-controlled DNS server may
+still reveal to the client that it hit an existing module. The default is
+for modules to be listable.</p>
+</dd>
+
+<dt id="uid"><code>uid</code><a href="#uid" class="tgt"></a></dt><dd>
+<p>This parameter specifies the user name or user ID that file transfers to
+and from that module should take place as when the daemon was run as root.
+In combination with the &quot;<a href="#gid">gid</a>&quot; parameter this determines what file
+permissions are available. The default when run by a super-user is to
+switch to the system's &quot;nobody&quot; user. The default for a non-super-user is
+to not try to change the user. See also the &quot;<a href="#gid">gid</a>&quot; parameter.</p>
+<p>The RSYNC_USER_NAME environment variable may be used to request that rsync
+run as the authorizing user. For example, if you want a rsync to run as
+the same user that was received for the rsync authentication, this setup is
+useful:</p>
+<blockquote>
+<pre><code>uid = %RSYNC_USER_NAME%
+gid = *
+</code></pre>
+</blockquote>
+</dd>
+
+<dt id="gid"><code>gid</code><a href="#gid" class="tgt"></a></dt><dd>
+<p>This parameter specifies one or more group names/IDs that will be used when
+accessing the module. The first one will be the default group, and any
+extra ones be set as supplemental groups. You may also specify a &quot;<code>*</code>&quot; as
+the first gid in the list, which will be replaced by all the normal groups
+for the transfer's user (see &quot;<a href="#uid">uid</a>&quot;). The default when run by a super-user
+is to switch to your OS's &quot;nobody&quot; (or perhaps &quot;nogroup&quot;) group with no
+other supplementary groups. The default for a non-super-user is to not
+change any group attributes (and indeed, your OS may not allow a
+non-super-user to try to change their group settings).</p>
+<p>The specified list is normally split into tokens based on spaces and
+commas. However, if the list starts with a comma, then the list is only
+split on commas, which allows a group name to contain a space. In either
+case any leading and/or trailing whitespace is removed from the tokens and
+empty tokens are ignored.</p>
+</dd>
+
+<dt id="daemon_uid"><code>daemon uid</code><a href="#daemon_uid" class="tgt"></a></dt><dd>
+<p>This parameter specifies a uid under which the daemon will run. The daemon
+usually runs as user root, and when this is left unset the user is left
+unchanged. See also the &quot;<a href="#uid">uid</a>&quot; parameter.</p>
+</dd>
+
+<dt id="daemon_gid"><code>daemon gid</code><a href="#daemon_gid" class="tgt"></a></dt><dd>
+<p>This parameter specifies a gid under which the daemon will run. The daemon
+usually runs as group root, and when this is left unset, the group is left
+unchanged. See also the &quot;<a href="#gid">gid</a>&quot; parameter.</p>
+</dd>
+
+<dt id="fake_super"><code>fake super</code><a href="#fake_super" class="tgt"></a></dt><dd>
+<p>Setting &quot;fake super = yes&quot; for a module causes the daemon side to behave as
+if the <code>--fake-super</code> command-line option had been specified. This allows
+the full attributes of a file to be stored without having to have the
+daemon actually running as root.</p>
+</dd>
+
+<dt id="filter"><code>filter</code><a href="#filter" class="tgt"></a></dt><dd>
+<p>The daemon has its own filter chain that determines what files it will let
+the client access. This chain is not sent to the client and is independent
+of any filters the client may have specified. Files excluded by the daemon
+filter chain (<code>daemon-excluded</code> files) are treated as non-existent if the
+client tries to pull them, are skipped with an error message if the client
+tries to push them (triggering exit code 23), and are never deleted from
+the module. You can use daemon filters to prevent clients from downloading
+or tampering with private administrative files, such as files you may add
+to support uid/gid name translations.</p>
+<p>The daemon filter chain is built from the &quot;filter&quot;, &quot;<a href="#include_from">include from</a>&quot;,
+&quot;<a href="#include">include</a>&quot;, &quot;<a href="#exclude_from">exclude from</a>&quot;, and &quot;<a href="#exclude">exclude</a>&quot; parameters, in that order of
+priority. Anchored patterns are anchored at the root of the module. To
+prevent access to an entire subtree, for example, &quot;<code>/secret</code>&quot;, you <strong>must</strong>
+exclude everything in the subtree; the easiest way to do this is with a
+triple-star pattern like &quot;<code>/secret/***</code>&quot;.</p>
+<p>The &quot;filter&quot; parameter takes a space-separated list of daemon filter rules,
+though it is smart enough to know not to split a token at an internal space
+in a rule (e.g. &quot;<code>- /foo - /bar</code>&quot; is parsed as two rules). You may specify
+one or more merge-file rules using the normal syntax. Only one &quot;filter&quot;
+parameter can apply to a given module in the config file, so put all the
+rules you want in a single parameter. Note that per-directory merge-file
+rules do not provide as much protection as global rules, but they can be
+used to make <code>--delete</code> work better during a client download operation if
+the per-dir merge files are included in the transfer and the client
+requests that they be used.</p>
+</dd>
+
+<dt id="exclude"><code>exclude</code><a href="#exclude" class="tgt"></a></dt><dd>
+<p>This parameter takes a space-separated list of daemon exclude patterns. As
+with the client <code>--exclude</code> option, patterns can be qualified with &quot;<code>- </code>&quot; or
+&quot;<code>+ </code>&quot; to explicitly indicate exclude/include. Only one &quot;exclude&quot; parameter
+can apply to a given module. See the &quot;filter&quot; parameter for a description
+of how excluded files affect the daemon.</p>
+</dd>
+
+<dt id="include"><code>include</code><a href="#include" class="tgt"></a></dt><dd>
+<p>Use an &quot;include&quot; to override the effects of the &quot;<a href="#exclude">exclude</a>&quot; parameter. Only
+one &quot;include&quot; parameter can apply to a given module. See the &quot;<a href="#filter">filter</a>&quot;
+parameter for a description of how excluded files affect the daemon.</p>
+</dd>
+
+<dt id="exclude_from"><code>exclude from</code><a href="#exclude_from" class="tgt"></a></dt><dd>
+<p>This parameter specifies the name of a file on the daemon that contains
+daemon exclude patterns, one per line. Only one &quot;exclude from&quot; parameter
+can apply to a given module; if you have multiple exclude-from files, you
+can specify them as a merge file in the &quot;<a href="#filter">filter</a>&quot; parameter. See the
+&quot;<a href="#filter">filter</a>&quot; parameter for a description of how excluded files affect the
+daemon.</p>
+</dd>
+
+<dt id="include_from"><code>include from</code><a href="#include_from" class="tgt"></a></dt><dd>
+<p>Analogue of &quot;<a href="#exclude_from">exclude from</a>&quot; for a file of daemon include patterns. Only one
+&quot;include from&quot; parameter can apply to a given module. See the &quot;<a href="#filter">filter</a>&quot;
+parameter for a description of how excluded files affect the daemon.</p>
+</dd>
+
+<dt id="incoming_chmod"><code>incoming chmod</code><a href="#incoming_chmod" class="tgt"></a></dt><dd>
+<p>This parameter allows you to specify a set of comma-separated chmod strings
+that will affect the permissions of all incoming files (files that are
+being received by the daemon). These changes happen after all other
+permission calculations, and this will even override destination-default
+and/or existing permissions when the client does not specify <code>--perms</code>.
+See the description of the <code>--chmod</code> rsync option and the <strong>chmod</strong>(1)
+manpage for information on the format of this string.</p>
+</dd>
+
+<dt id="outgoing_chmod"><code>outgoing chmod</code><a href="#outgoing_chmod" class="tgt"></a></dt><dd>
+<p>This parameter allows you to specify a set of comma-separated chmod strings
+that will affect the permissions of all outgoing files (files that are
+being sent out from the daemon). These changes happen first, making the
+sent permissions appear to be different than those stored in the filesystem
+itself. For instance, you could disable group write permissions on the
+server while having it appear to be on to the clients. See the description
+of the <code>--chmod</code> rsync option and the <strong>chmod</strong>(1) manpage for information
+on the format of this string.</p>
+</dd>
+
+<dt id="auth_users"><code>auth users</code><a href="#auth_users" class="tgt"></a></dt><dd>
+<p>This parameter specifies a comma and/or space-separated list of
+authorization rules. In its simplest form, you list the usernames that
+will be allowed to connect to this module. The usernames do not need to
+exist on the local system. The rules may contain shell wildcard characters
+that will be matched against the username provided by the client for
+authentication. If &quot;auth users&quot; is set then the client will be challenged
+to supply a username and password to connect to the module. A challenge
+response authentication protocol is used for this exchange. The plain text
+usernames and passwords are stored in the file specified by the
+&quot;<a href="#secrets_file">secrets file</a>&quot; parameter. The default is for all users to be able to
+connect without a password (this is called &quot;anonymous rsync&quot;).</p>
+<p>In addition to username matching, you can specify groupname matching via a
+'@' prefix. When using groupname matching, the authenticating username
+must be a real user on the system, or it will be assumed to be a member of
+no groups. For example, specifying &quot;@rsync&quot; will match the authenticating
+user if the named user is a member of the rsync group.</p>
+<p>Finally, options may be specified after a colon (:). The options allow you
+to &quot;deny&quot; a user or a group, set the access to &quot;ro&quot; (read-only), or set the
+access to &quot;rw&quot; (read/write). Setting an auth-rule-specific ro/rw setting
+overrides the module's &quot;<a href="#read_only">read only</a>&quot; setting.</p>
+<p>Be sure to put the rules in the order you want them to be matched, because
+the checking stops at the first matching user or group, and that is the
+only auth that is checked. For example:</p>
+<blockquote>
+<pre><code>auth users = joe:deny @guest:deny admin:rw @rsync:ro susan joe sam
+</code></pre>
+</blockquote>
+<p>In the above rule, user joe will be denied access no matter what. Any user
+that is in the group &quot;guest&quot; is also denied access. The user &quot;admin&quot; gets
+access in read/write mode, but only if the admin user is not in group
+&quot;guest&quot; (because the admin user-matching rule would never be reached if the
+user is in group &quot;guest&quot;). Any other user who is in group &quot;rsync&quot; will get
+read-only access. Finally, users susan, joe, and sam get the ro/rw setting
+of the module, but only if the user didn't match an earlier group-matching
+rule.</p>
+<p>If you need to specify a user or group name with a space in it, start your
+list with a comma to indicate that the list should only be split on commas
+(though leading and trailing whitespace will also be removed, and empty
+entries are just ignored). For example:</p>
+<blockquote>
+<pre><code>auth users = , joe:deny, @Some Group:deny, admin:rw, @RO Group:ro
+</code></pre>
+</blockquote>
+<p>See the description of the secrets file for how you can have per-user
+passwords as well as per-group passwords. It also explains how a user can
+authenticate using their user password or (when applicable) a group
+password, depending on what rule is being authenticated.</p>
+<p>See also the section entitled &quot;USING RSYNC-DAEMON FEATURES VIA A REMOTE
+SHELL CONNECTION&quot; in <strong>rsync</strong>(1) for information on how handle an
+rsyncd.conf-level username that differs from the remote-shell-level
+username when using a remote shell to connect to an rsync daemon.</p>
+</dd>
+
+<dt id="secrets_file"><code>secrets file</code><a href="#secrets_file" class="tgt"></a></dt><dd>
+<p>This parameter specifies the name of a file that contains the
+username:password and/or @groupname:password pairs used for authenticating
+this module. This file is only consulted if the &quot;<a href="#auth_users">auth users</a>&quot; parameter is
+specified. The file is line-based and contains one name:password pair per
+line. Any line has a hash (#) as the very first character on the line is
+considered a comment and is skipped. The passwords can contain any
+characters but be warned that many operating systems limit the length of
+passwords that can be typed at the client end, so you may find that
+passwords longer than 8 characters don't work.</p>
+<p>The use of group-specific lines are only relevant when the module is being
+authorized using a matching &quot;@groupname&quot; rule. When that happens, the user
+can be authorized via either their &quot;username:password&quot; line or the
+&quot;@groupname:password&quot; line for the group that triggered the authentication.</p>
+<p>It is up to you what kind of password entries you want to include, either
+users, groups, or both. The use of group rules in &quot;<a href="#auth_users">auth users</a>&quot; does not
+require that you specify a group password if you do not want to use shared
+passwords.</p>
+<p>There is no default for the &quot;secrets file&quot; parameter, you must choose a
+name (such as <code>/etc/rsyncd.secrets</code>). The file must normally not be
+readable by &quot;other&quot;; see &quot;<a href="#strict_modes">strict modes</a>&quot;. If the file is not found or is
+rejected, no logins for an &quot;<a href="#auth_users">auth users</a>&quot; module will be possible.</p>
+</dd>
+
+<dt id="strict_modes"><code>strict modes</code><a href="#strict_modes" class="tgt"></a></dt><dd>
+<p>This parameter determines whether or not the permissions on the secrets
+file will be checked. If &quot;strict modes&quot; is true, then the secrets file
+must not be readable by any user ID other than the one that the rsync
+daemon is running under. If &quot;strict modes&quot; is false, the check is not
+performed. The default is true. This parameter was added to accommodate
+rsync running on the Windows operating system.</p>
+</dd>
+
+<dt id="hosts_allow"><code>hosts allow</code><a href="#hosts_allow" class="tgt"></a></dt><dd>
+<p>This parameter allows you to specify a list of comma- and/or
+whitespace-separated patterns that are matched against a connecting
+client's hostname and IP address. If none of the patterns match, then the
+connection is rejected.</p>
+<p>Each pattern can be in one of six forms:</p>
+<ul>
+<li>a dotted decimal IPv4 address of the form a.b.c.d, or an IPv6 address of
+the form a:b:c::d:e:f. In this case the incoming machine's IP address
+must match exactly.</li>
+<li>an address/mask in the form ipaddr/n where ipaddr is the IP address and n
+is the number of one bits in the netmask. All IP addresses which match
+the masked IP address will be allowed in.</li>
+<li>an address/mask in the form ipaddr/maskaddr where ipaddr is the IP
+address and maskaddr is the netmask in dotted decimal notation for IPv4,
+or similar for IPv6, e.g. ffff:ffff:ffff:ffff:: instead of /64. All IP
+addresses which match the masked IP address will be allowed in.</li>
+<li>a hostname pattern using wildcards. If the hostname of the connecting IP
+(as determined by a reverse lookup) matches the wildcarded name (using
+the same rules as normal Unix filename matching), the client is allowed
+in. This only works if &quot;<a href="#reverse_lookup">reverse lookup</a>&quot; is enabled (the default).</li>
+<li>a hostname. A plain hostname is matched against the reverse DNS of the
+connecting IP (if &quot;<a href="#reverse_lookup">reverse lookup</a>&quot; is enabled), and/or the IP of the
+given hostname is matched against the connecting IP (if &quot;<a href="#forward_lookup">forward lookup</a>&quot;
+is enabled, as it is by default). Any match will be allowed in.</li>
+<li>an '@' followed by a netgroup name, which will match if the reverse DNS
+of the connecting IP is in the specified netgroup.</li>
+</ul>
+<p>Note IPv6 link-local addresses can have a scope in the address
+specification:</p>
+<blockquote>
+<pre><code>fe80::1%link1
+fe80::%link1/64
+fe80::%link1/ffff:ffff:ffff:ffff::
+</code></pre>
+</blockquote>
+<p>You can also combine &quot;hosts allow&quot; with &quot;<a href="#hosts_deny">hosts deny</a>&quot; as a way to add
+exceptions to your deny list. When both parameters are specified, the
+&quot;hosts allow&quot; parameter is checked first and a match results in the client
+being able to connect. A non-allowed host is then matched against the
+&quot;<a href="#hosts_deny">hosts deny</a>&quot; list to see if it should be rejected. A host that does not
+match either list is allowed to connect.</p>
+<p>The default is no &quot;hosts allow&quot; parameter, which means all hosts can
+connect.</p>
+</dd>
+
+<dt id="hosts_deny"><code>hosts deny</code><a href="#hosts_deny" class="tgt"></a></dt><dd>
+<p>This parameter allows you to specify a list of comma- and/or
+whitespace-separated patterns that are matched against a connecting clients
+hostname and IP address. If the pattern matches then the connection is
+rejected. See the &quot;<a href="#hosts_allow">hosts allow</a>&quot; parameter for more information.</p>
+<p>The default is no &quot;hosts deny&quot; parameter, which means all hosts can
+connect.</p>
+</dd>
+
+<dt id="reverse_lookup"><code>reverse lookup</code><a href="#reverse_lookup" class="tgt"></a></dt><dd>
+<p>Controls whether the daemon performs a reverse lookup on the client's IP
+address to determine its hostname, which is used for &quot;<a href="#hosts_allow">hosts allow</a>&quot; &amp;
+&quot;<a href="#hosts_deny">hosts deny</a>&quot; checks and the &quot;%h&quot; log escape. This is enabled by default,
+but you may wish to disable it to save time if you know the lookup will not
+return a useful result, in which case the daemon will use the name
+&quot;UNDETERMINED&quot; instead.</p>
+<p>If this parameter is enabled globally (even by default), rsync performs the
+lookup as soon as a client connects, so disabling it for a module will not
+avoid the lookup. Thus, you probably want to disable it globally and then
+enable it for modules that need the information.</p>
+</dd>
+
+<dt id="forward_lookup"><code>forward lookup</code><a href="#forward_lookup" class="tgt"></a></dt><dd>
+<p>Controls whether the daemon performs a forward lookup on any hostname
+specified in an hosts allow/deny setting. By default this is enabled,
+allowing the use of an explicit hostname that would not be returned by
+reverse DNS of the connecting IP.</p>
+</dd>
+
+<dt id="ignore_errors"><code>ignore errors</code><a href="#ignore_errors" class="tgt"></a></dt><dd>
+<p>This parameter tells rsyncd to ignore I/O errors on the daemon when
+deciding whether to run the delete phase of the transfer. Normally rsync
+skips the <code>--delete</code> step if any I/O errors have occurred in order to
+prevent disastrous deletion due to a temporary resource shortage or other
+I/O error. In some cases this test is counter productive so you can use
+this parameter to turn off this behavior.</p>
+</dd>
+
+<dt id="ignore_nonreadable"><code>ignore nonreadable</code><a href="#ignore_nonreadable" class="tgt"></a></dt><dd>
+<p>This tells the rsync daemon to completely ignore files that are not
+readable by the user. This is useful for public archives that may have some
+non-readable files among the directories, and the sysadmin doesn't want
+those files to be seen at all.</p>
+</dd>
+
+<dt id="transfer_logging"><code>transfer logging</code><a href="#transfer_logging" class="tgt"></a></dt><dd>
+<p>This parameter enables per-file logging of downloads and uploads in a
+format somewhat similar to that used by ftp daemons. The daemon always
+logs the transfer at the end, so if a transfer is aborted, no mention will
+be made in the log file.</p>
+<p>If you want to customize the log lines, see the &quot;<a href="#log_format">log format</a>&quot; parameter.</p>
+</dd>
+
+<dt id="log_format"><code>log format</code><a href="#log_format" class="tgt"></a></dt><dd>
+<p>This parameter allows you to specify the format used for logging file
+transfers when transfer logging is enabled. The format is a text string
+containing embedded single-character escape sequences prefixed with a
+percent (%) character. An optional numeric field width may also be
+specified between the percent and the escape letter (e.g.
+&quot;<code>%-50n %8l %07p</code>&quot;). In addition, one or more apostrophes may be specified
+prior to a numerical escape to indicate that the numerical value should be
+made more human-readable. The 3 supported levels are the same as for the
+<code>--human-readable</code> command-line option, though the default is for
+human-readability to be off. Each added apostrophe increases the level
+(e.g. &quot;<code>%''l %'b %f</code>&quot;).</p>
+<p>The default log format is &quot;<code>%o %h [%a] %m (%u) %f %l</code>&quot;, and a &quot;<code>%t [%p] </code>&quot;
+is always prefixed when using the &quot;<a href="#log_file">log file</a>&quot; parameter. (A perl script
+that will summarize this default log format is included in the rsync source
+code distribution in the &quot;support&quot; subdirectory: rsyncstats.)</p>
+<p>The single-character escapes that are understood are as follows:</p>
+<ul>
+<li>%a the remote IP address (only available for a daemon)</li>
+<li>%b the number of bytes actually transferred</li>
+<li>%B the permission bits of the file (e.g. rwxrwxrwt)</li>
+<li>%c the total size of the block checksums received for the basis file
+(only when sending)</li>
+<li>%C the full-file checksum if it is known for the file. For older rsync
+protocols/versions, the checksum was salted, and is thus not a useful
+value (and is not displayed when that is the case). For the checksum to
+output for a file, either the <code>--checksum</code> option must be in-effect or
+the file must have been transferred without a salted checksum being used.
+See the <code>--checksum-choice</code> option for a way to choose the algorithm.</li>
+<li>%f the filename (long form on sender; no trailing &quot;/&quot;)</li>
+<li>%G the gid of the file (decimal) or &quot;DEFAULT&quot;</li>
+<li>%h the remote host name (only available for a daemon)</li>
+<li>%i an itemized list of what is being updated</li>
+<li>%l the length of the file in bytes</li>
+<li>%L the string &quot;<code> -&gt; SYMLINK</code>&quot;, &quot;<code> =&gt; HARDLINK</code>&quot;, or &quot;&quot; (where <code>SYMLINK</code>
+or <code>HARDLINK</code> is a filename)</li>
+<li>%m the module name</li>
+<li>%M the last-modified time of the file</li>
+<li>%n the filename (short form; trailing &quot;/&quot; on dir)</li>
+<li>%o the operation, which is &quot;send&quot;, &quot;recv&quot;, or &quot;del.&quot; (the latter includes
+the trailing period)</li>
+<li>%p the process ID of this rsync session</li>
+<li>%P the module path</li>
+<li>%t the current date time</li>
+<li>%u the authenticated username or an empty string</li>
+<li>%U the uid of the file (decimal)</li>
+</ul>
+<p>For a list of what the characters mean that are output by &quot;%i&quot;, see the
+<code>--itemize-changes</code> option in the rsync manpage.</p>
+<p>Note that some of the logged output changes when talking with older rsync
+versions. For instance, deleted files were only output as verbose messages
+prior to rsync 2.6.4.</p>
+</dd>
+
+<dt id="timeout"><code>timeout</code><a href="#timeout" class="tgt"></a></dt><dd>
+<p>This parameter allows you to override the clients choice for I/O timeout
+for this module. Using this parameter you can ensure that rsync won't wait
+on a dead client forever. The timeout is specified in seconds. A value of
+zero means no timeout and is the default. A good choice for anonymous rsync
+daemons may be 600 (giving a 10 minute timeout).</p>
+</dd>
+
+<dt id="refuse_options"><code>refuse options</code><a href="#refuse_options" class="tgt"></a></dt><dd>
+<p>This parameter allows you to specify a space-separated list of rsync
+command-line options that will be refused by your rsync daemon. You may
+specify the full option name, its one-letter abbreviation, or a wild-card
+string that matches multiple options. Beginning in 3.2.0, you can also
+negate a match term by starting it with a &quot;!&quot;.</p>
+<p>When an option is refused, the daemon prints an error message and exits.</p>
+<p>For example, this would refuse <code>--checksum</code> (<code>-c</code>) and all the various
+delete options:</p>
+<blockquote>
+<pre><code>refuse options = c delete
+</code></pre>
+</blockquote>
+<p>The reason the above refuses all delete options is that the options imply
+<code>--delete</code>, and implied options are refused just like explicit options.</p>
+<p>The use of a negated match allows you to fine-tune your refusals after a
+wild-card, such as this:</p>
+<blockquote>
+<pre><code>refuse options = delete-* !delete-during
+</code></pre>
+</blockquote>
+<p>Negated matching can also turn your list of refused options into a list of
+accepted options. To do this, begin the list with a &quot;<code>*</code>&quot; (to refuse all
+options) and then specify one or more negated matches to accept. For
+example:</p>
+<blockquote>
+<pre><code>refuse options = * !a !v !compress*
+</code></pre>
+</blockquote>
+<p>Don't worry that the &quot;<code>*</code>&quot; will refuse certain vital options such as
+<code>--dry-run</code>, <code>--server</code>, <code>--no-iconv</code>, <code>--seclude-args</code>, etc. These
+important options are not matched by wild-card, so they must be overridden
+by their exact name. For instance, if you're forcing iconv transfers you
+could use something like this:</p>
+<blockquote>
+<pre><code>refuse options = * no-iconv !a !v
+</code></pre>
+</blockquote>
+<p>As an additional aid (beginning in 3.2.0), refusing (or &quot;<code>!refusing</code>&quot;) the
+&quot;a&quot; or &quot;archive&quot; option also affects all the options that the <code>--archive</code>
+option implies (<code>-rdlptgoD</code>), but only if the option is matched explicitly
+(not using a wildcard). If you want to do something tricky, you can use
+&quot;<code>archive*</code>&quot; to avoid this side-effect, but keep in mind that no normal
+rsync client ever sends the actual archive option to the server.</p>
+<p>As an additional safety feature, the refusal of &quot;delete&quot; also refuses
+<code>remove-source-files</code> when the daemon is the sender; if you want the latter
+without the former, instead refuse &quot;<code>delete-*</code>&quot; as that refuses all the
+delete modes without affecting <code>--remove-source-files</code>. (Keep in mind that
+the client's <code>--delete</code> option typically results in <code>--delete-during</code>.)</p>
+<p>When un-refusing delete options, you should either specify &quot;<code>!delete*</code>&quot; (to
+accept all delete options) or specify a limited set that includes &quot;delete&quot;,
+such as:</p>
+<blockquote>
+<pre><code>refuse options = * !a !delete !delete-during
+</code></pre>
+</blockquote>
+<p>... whereas this accepts any delete option except <code>--delete-after</code>:</p>
+<blockquote>
+<pre><code>refuse options = * !a !delete* delete-after
+</code></pre>
+</blockquote>
+<p>A note on refusing &quot;compress&quot;: it may be better to set the &quot;<a href="#dont_compress">dont compress</a>&quot;
+daemon parameter to &quot;<code>*</code>&quot; and ensure that <code>RSYNC_COMPRESS_LIST=zlib</code> is set
+in the environment of the daemon in order to disable compression silently
+instead of returning an error that forces the client to remove the <code>-z</code>
+option.</p>
+<p>If you are un-refusing the compress option, you may want to match
+&quot;<code>!compress*</code>&quot; if you also want to allow the <code>--compress-level</code> option.</p>
+<p>Note that the &quot;copy-devices&quot; &amp; &quot;write-devices&quot; options are refused by
+default, but they can be explicitly accepted with &quot;<code>!copy-devices</code>&quot; and/or
+&quot;<code>!write-devices</code>&quot;. The options &quot;log-file&quot; and &quot;log-file-format&quot; are
+forcibly refused and cannot be accepted.</p>
+<p>Here are all the options that are not matched by wild-cards:</p>
+<ul>
+<li><code>--server</code>: Required for rsync to even work.</li>
+<li><code>--rsh</code>, <code>-e</code>: Required to convey compatibility flags to the server.</li>
+<li><code>--out-format</code>: This is required to convey output behavior to a remote
+receiver. While rsync passes the older alias <code>--log-format</code> for
+compatibility reasons, this options should not be confused with
+<code>--log-file-format</code>.</li>
+<li><code>--sender</code>: Use &quot;<a href="#write_only">write only</a>&quot; parameter instead of refusing this.</li>
+<li><code>--dry-run</code>, <code>-n</code>: Who would want to disable this?</li>
+<li><code>--seclude-args</code>, <code>-s</code>: Is the oldest arg-protection method.</li>
+<li><code>--from0</code>, <code>-0</code>: Makes it easier to accept/refuse <code>--files-from</code> without
+affecting this helpful modifier.</li>
+<li><code>--iconv</code>: This is auto-disabled based on &quot;<a href="#charset">charset</a>&quot; parameter.</li>
+<li><code>--no-iconv</code>: Most transfers use this option.</li>
+<li><code>--checksum-seed</code>: Is a fairly rare, safe option.</li>
+<li><code>--write-devices</code>: Is non-wild but also auto-disabled.</li>
+</ul>
+</dd>
+
+<dt id="dont_compress"><code>dont compress</code><a href="#dont_compress" class="tgt"></a></dt><dd>
+<p><strong>NOTE:</strong> This parameter currently has no effect except in one instance: if
+it is set to &quot;<code>*</code>&quot; then it minimizes or disables compression for all files
+(for those that don't want to refuse the <code>--compress</code> option completely).</p>
+<p>This parameter allows you to select filenames based on wildcard patterns
+that should not be compressed when pulling files from the daemon (no
+analogous parameter exists to govern the pushing of files to a daemon).
+Compression can be expensive in terms of CPU usage, so it is usually good
+to not try to compress files that won't compress well, such as already
+compressed files.</p>
+<p>The &quot;dont compress&quot; parameter takes a space-separated list of
+case-insensitive wildcard patterns. Any source filename matching one of the
+patterns will be compressed as little as possible during the transfer. If
+the compression algorithm has an &quot;off&quot; level, then no compression occurs
+for those files. If an algorithms has the ability to change the level in
+mid-stream, it will be minimized to reduce the CPU usage as much as
+possible.</p>
+<p>See the <code>--skip-compress</code> parameter in the <strong>rsync</strong>(1) manpage for the
+list of file suffixes that are skipped by default if this parameter is not
+set.</p>
+</dd>
+
+<span id="post-xfer_exec"></span><span id="pre-xfer_exec"></span><dt id="early_exec"><code>early exec</code>, <code>pre-xfer exec</code>, <code>post-xfer exec</code><a href="#early_exec" class="tgt"></a></dt><dd>
+<p>You may specify a command to be run in the early stages of the connection,
+or right before and/or after the transfer. If the <code>early exec</code> or
+<code>pre-xfer exec</code> command returns an error code, the transfer is aborted
+before it begins. Any output from the <code>pre-xfer exec</code> command on stdout
+(up to several KB) will be displayed to the user when aborting, but is
+<u>not</u> displayed if the script returns success. The other programs cannot
+send any text to the user. All output except for the <code>pre-xfer exec</code>
+stdout goes to the corresponding daemon's stdout/stderr, which is typically
+discarded. See the <code>--no-detatch</code> option for a way to see the daemon's
+output, which can assist with debugging.</p>
+<p>Note that the <code>early exec</code> command runs before any part of the transfer
+request is known except for the module name. This helper script can be
+used to setup a disk mount or decrypt some data into a module dir, but you
+may need to use <code>lock file</code> and <code>max connections</code> to avoid concurrency
+issues. If the client rsync specified the <code>--early-input=FILE</code> option, it
+can send up to about 5K of data to the stdin of the early script. The
+stdin will otherwise be empty.</p>
+<p>Note that the <code>post-xfer exec</code> command is still run even if one of the
+other scripts returns an error code. The <code>pre-xfer exec</code> command will <u>not</u>
+be run, however, if the <code>early exec</code> command fails.</p>
+<p>The following environment variables will be set, though some are specific
+to the pre-xfer or the post-xfer environment:</p>
+<ul>
+<li><code>RSYNC_MODULE_NAME</code>: The name of the module being accessed.</li>
+<li><code>RSYNC_MODULE_PATH</code>: The path configured for the module.</li>
+<li><code>RSYNC_HOST_ADDR</code>: The accessing host's IP address.</li>
+<li><code>RSYNC_HOST_NAME</code>: The accessing host's name.</li>
+<li><code>RSYNC_USER_NAME</code>: The accessing user's name (empty if no user).</li>
+<li><code>RSYNC_PID</code>: A unique number for this transfer.</li>
+<li><code>RSYNC_REQUEST</code>: (pre-xfer only) The module/path info specified by the
+user. Note that the user can specify multiple source files, so the
+request can be something like &quot;mod/path1 mod/path2&quot;, etc.</li>
+<li><code>RSYNC_ARG#</code>: (pre-xfer only) The pre-request arguments are set in these
+numbered values. RSYNC_ARG0 is always &quot;rsyncd&quot;, followed by the options
+that were used in RSYNC_ARG1, and so on. There will be a value of &quot;.&quot;
+indicating that the options are done and the path args are beginning&nbsp;-&#8288;-&#8288;
+these contain similar information to RSYNC_REQUEST, but with values
+separated and the module name stripped off.</li>
+<li><code>RSYNC_EXIT_STATUS</code>: (post-xfer only) the server side's exit value. This
+will be 0 for a successful run, a positive value for an error that the
+server generated, or a -&#8288;1 if rsync failed to exit properly. Note that an
+error that occurs on the client side does not currently get sent to the
+server side, so this is not the final exit status for the whole transfer.</li>
+<li><code>RSYNC_RAW_STATUS</code>: (post-xfer only) the raw exit value from
+<strong>waitpid()</strong>.</li>
+</ul>
+<p>Even though the commands can be associated with a particular module, they
+are run using the permissions of the user that started the daemon (not the
+module's uid/gid setting) without any chroot restrictions.</p>
+<p>These settings honor 2 environment variables: use RSYNC_SHELL to set a
+shell to use when running the command (which otherwise uses your
+<strong>system()</strong> call's default shell), and use RSYNC_NO_XFER_EXEC to disable
+both options completely.</p>
+</dd>
+</dl>
+<h2 id="CONFIG_DIRECTIVES">CONFIG DIRECTIVES<a href="#CONFIG_DIRECTIVES" class="tgt"></a></h2>
+<p>There are currently two config directives available that allow a config file to
+incorporate the contents of other files: <code>&amp;include</code> and <code>&amp;merge</code>. Both allow
+a reference to either a file or a directory. They differ in how segregated the
+file's contents are considered to be.</p>
+<p>The <code>&amp;include</code> directive treats each file as more distinct, with each one
+inheriting the defaults of the parent file, starting the parameter parsing as
+globals/defaults, and leaving the defaults unchanged for the parsing of the
+rest of the parent file.</p>
+<p>The <code>&amp;merge</code> directive, on the other hand, treats the file's contents as if it
+were simply inserted in place of the directive, and thus it can set parameters
+in a module started in another file, can affect the defaults for other files,
+etc.</p>
+<p>When an <code>&amp;include</code> or <code>&amp;merge</code> directive refers to a directory, it will read in
+all the <code>*.conf</code> or <code>*.inc</code> files (respectively) that are contained inside that
+directory (without any recursive scanning), with the files sorted into alpha
+order. So, if you have a directory named &quot;rsyncd.d&quot; with the files &quot;foo.conf&quot;,
+&quot;bar.conf&quot;, and &quot;baz.conf&quot; inside it, this directive:</p>
+<blockquote>
+<pre><code>&amp;include /path/rsyncd.d
+</code></pre>
+</blockquote>
+<p>would be the same as this set of directives:</p>
+<blockquote>
+<pre><code>&amp;include /path/rsyncd.d/bar.conf
+&amp;include /path/rsyncd.d/baz.conf
+&amp;include /path/rsyncd.d/foo.conf
+</code></pre>
+</blockquote>
+<p>except that it adjusts as files are added and removed from the directory.</p>
+<p>The advantage of the <code>&amp;include</code> directive is that you can define one or more
+modules in a separate file without worrying about unintended side-effects
+between the self-contained module files.</p>
+<p>The advantage of the <code>&amp;merge</code> directive is that you can load config snippets
+that can be included into multiple module definitions, and you can also set
+global values that will affect connections (such as <code>motd file</code>), or globals
+that will affect other include files.</p>
+<p>For example, this is a useful /etc/rsyncd.conf file:</p>
+<blockquote>
+<pre><code>port = 873
+log file = /var/log/rsync.log
+pid file = /var/lock/rsync.lock
+
+&amp;merge /etc/rsyncd.d
+&amp;include /etc/rsyncd.d
+</code></pre>
+</blockquote>
+<p>This would merge any <code>/etc/rsyncd.d/*.inc</code> files (for global values that should
+stay in effect), and then include any <code>/etc/rsyncd.d/*.conf</code> files (defining
+modules without any global-value cross-talk).</p>
+<h2 id="AUTHENTICATION_STRENGTH">AUTHENTICATION STRENGTH<a href="#AUTHENTICATION_STRENGTH" class="tgt"></a></h2>
+<p>The authentication protocol used in rsync is a 128 bit MD4 based challenge
+response system. This is fairly weak protection, though (with at least one
+brute-force hash-finding algorithm publicly available), so if you want really
+top-quality security, then I recommend that you run rsync over ssh. (Yes, a
+future version of rsync will switch over to a stronger hashing method.)</p>
+<p>Also note that the rsync daemon protocol does not currently provide any
+encryption of the data that is transferred over the connection. Only
+authentication is provided. Use ssh as the transport if you want encryption.</p>
+<p>You can also make use of SSL/TLS encryption if you put rsync behind an
+SSL proxy.</p>
+<h2 id="SSL_TLS_Daemon_Setup">SSL/TLS Daemon Setup<a href="#SSL_TLS_Daemon_Setup" class="tgt"></a></h2>
+<p>When setting up an rsync daemon for access via SSL/TLS, you will need to
+configure a TCP proxy (such as haproxy or nginx) as the front-end that handles
+the encryption.</p>
+<ul>
+<li>You should limit the access to the backend-rsyncd port to only allow the
+proxy to connect. If it is on the same host as the proxy, then configuring
+it to only listen on localhost is a good idea.</li>
+<li>You should consider turning on the <code>proxy protocol</code> rsync-daemon parameter if
+your proxy supports sending that information. The examples below assume that
+this is enabled.</li>
+</ul>
+<p>An example haproxy setup is as follows:</p>
+<blockquote>
+<pre><code>frontend fe_rsync-ssl
+ bind :::874 ssl crt /etc/letsencrypt/example.com/combined.pem
+ mode tcp
+ use_backend be_rsync
+
+backend be_rsync
+ mode tcp
+ server local-rsync 127.0.0.1:873 check send-proxy
+</code></pre>
+</blockquote>
+<p>An example nginx proxy setup is as follows:</p>
+<blockquote>
+<pre><code>stream {
+ server {
+ listen 874 ssl;
+ listen [::]:874 ssl;
+
+ ssl_certificate /etc/letsencrypt/example.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/example.com/privkey.pem;
+
+ proxy_pass localhost:873;
+ proxy_protocol on; # Requires rsyncd.conf &quot;proxy protocol = true&quot;
+ proxy_timeout 1m;
+ proxy_connect_timeout 5s;
+ }
+}
+</code></pre>
+</blockquote>
+<h2 id="DAEMON_CONFIG_EXAMPLES">DAEMON CONFIG EXAMPLES<a href="#DAEMON_CONFIG_EXAMPLES" class="tgt"></a></h2>
+<p>A simple rsyncd.conf file that allow anonymous rsync to a ftp area at
+<code>/home/ftp</code> would be:</p>
+<blockquote>
+<pre><code>[ftp]
+ path = /home/ftp
+ comment = ftp export area
+</code></pre>
+</blockquote>
+<p>A more sophisticated example would be:</p>
+<blockquote>
+<pre><code>uid = nobody
+gid = nobody
+use chroot = yes
+max connections = 4
+syslog facility = local5
+pid file = /var/run/rsyncd.pid
+
+[ftp]
+ path = /var/ftp/./pub
+ comment = whole ftp area (approx 6.1 GB)
+
+[sambaftp]
+ path = /var/ftp/./pub/samba
+ comment = Samba ftp area (approx 300 MB)
+
+[rsyncftp]
+ path = /var/ftp/./pub/rsync
+ comment = rsync ftp area (approx 6 MB)
+
+[sambawww]
+ path = /public_html/samba
+ comment = Samba WWW pages (approx 240 MB)
+
+[cvs]
+ path = /data/cvs
+ comment = CVS repository (requires authentication)
+ auth users = tridge, susan
+ secrets file = /etc/rsyncd.secrets
+</code></pre>
+</blockquote>
+<p>The /etc/rsyncd.secrets file would look something like this:</p>
+<blockquote>
+<pre><code>tridge:mypass
+susan:herpass
+</code></pre>
+</blockquote>
+<h2 id="FILES">FILES<a href="#FILES" class="tgt"></a></h2>
+<p>/etc/rsyncd.conf or rsyncd.conf</p>
+<h2 id="SEE_ALSO">SEE ALSO<a href="#SEE_ALSO" class="tgt"></a></h2>
+<p><a href="rsync.1"><strong>rsync</strong>(1)</a>, <a href="rsync-ssl.1"><strong>rsync-ssl</strong>(1)</a></p>
+<h2 id="BUGS">BUGS<a href="#BUGS" class="tgt"></a></h2>
+<p>Please report bugs! The rsync bug tracking system is online at
+<a href="https://rsync.samba.org/">https://rsync.samba.org/</a>.</p>
+<h2 id="VERSION">VERSION<a href="#VERSION" class="tgt"></a></h2>
+<p>This manpage is current for version 3.2.7 of rsync.</p>
+<h2 id="CREDITS">CREDITS<a href="#CREDITS" class="tgt"></a></h2>
+<p>Rsync is distributed under the GNU General Public License. See the file
+<a href="COPYING">COPYING</a> for details.</p>
+<p>An rsync web site is available at <a href="https://rsync.samba.org/">https://rsync.samba.org/</a> and its github
+project is <a href="https://github.com/WayneD/rsync">https://github.com/WayneD/rsync</a>.</p>
+<h2 id="THANKS">THANKS<a href="#THANKS" class="tgt"></a></h2>
+<p>Thanks to Warren Stanley for his original idea and patch for the rsync daemon.
+Thanks to Karsten Thygesen for his many suggestions and documentation!</p>
+<h2 id="AUTHOR">AUTHOR<a href="#AUTHOR" class="tgt"></a></h2>
+<p>Rsync was originally written by Andrew Tridgell and Paul Mackerras. Many
+people have later contributed to it. It is currently maintained by Wayne
+Davison.</p>
+<p>Mailing lists for support and development are available at
+<a href="https://lists.samba.org/">https://lists.samba.org/</a>.</p>
+<div style="float: right"><p><i>20 Oct 2022</i></p></div>
+</body></html>