On Fri, Mar 11, 2022 at 10:36:49PM -0800, Bri Hatch via rsync <rsync@lists.samba.org> wrote:
> On Fri, Mar 11, 2022 at 10:22 PM Kevin Korb via rsync <rsync@lists.samba.org> > wrote: > > > Rsync includes a script named rrsync that handles this perfectly. > > And authprogs provides similar functionality, though you use yaml to define > what is/isn't allowed. However it does allow you to use one SSH identity > for potentially many different source dirs rather than requiring a separate > authorized_key entry for each forced command. > > example: > > - rule_type: rsync > allow_donwload: true > allow_recursive: true > paths: > - /etc > - /srv/freezeray > path_startswith: > - /srv/web > > https://github.com/daethnir/authprogs/blob/main/doc/authprogs.md#rsync-subrules And there's sshdo as well: https://github.com/raforg/sshdo Like authprogs, it also works with any command, not just rsync. And it almost configures itself with a learning mode to monitor commands that need to be allowed. And it can relearn if commands need to change over time, and unlearn old commands that are no longer needed. cheers, raf -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html