blob: 63ba0c7c4667f32eee886dc9693524a9bf6924cf (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
[Unit]
Description=fast remote file copy program daemon
After=network.target
[Service]
ExecStart=-/usr/bin/rsync --daemon
StandardInput=socket
StandardOutput=inherit
StandardError=journal
# Citing README.md:
#
# [...] Using ssh is recommended for its security features.
#
# Alternatively, rsync can run in `daemon' mode, listening on a socket.
# This is generally used for public file distribution, [...]
#
# So let's assume some extra security is more than welcome here. We do full
# system protection (which makes /usr, /boot, & /etc read-only) and hide
# devices. To override these defaults, it's best to do so in the drop-in
# directory, often done via `systemctl edit rsync@.service`. The file needs
# just the bare minimum of the right [heading] and override values.
# See systemd.unit(5) and search for "drop-in" for full details.
ProtectSystem=full
#ProtectHome=on|off|read-only
PrivateDevices=on
NoNewPrivileges=on
|
