The branch, master has been updated via ce12142c Don't set systemd ProtectHome=on by default. from c83a81ca Move name exceptions into the txt file.
https://git.samba.org/?p=rsync.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit ce12142c459788b611da5f5d525e0486822b043a Author: Wayne Davison <wa...@opencoder.net> Date: Wed Jul 1 10:40:02 2020 -0700 Don't set systemd ProtectHome=on by default. ----------------------------------------------------------------------- Summary of changes: NEWS.md | 10 ++++++++++ packaging/systemd/rsync.service | 2 +- packaging/systemd/rsync@.service | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/NEWS.md b/NEWS.md index 2b192b38..e30d9903 100644 --- a/NEWS.md +++ b/NEWS.md @@ -39,6 +39,11 @@ Protocol: 31 (unchanged) also allows you to specify the value via the RSYNC_MAX_ALLOC environment variable. + - The default systemd config was changed to remove the `ProtectHome=on` + setting since rsync is often used to serve files in /home and this seemed a + bit too strict. Feel free to use `systemctl edit rsync` to add that + restriction to your own setup, if you like. + - The memory allocation functions now automatically check for a failure and die when out of memory. This eliminated some caller-side check-and-die code and added some missing sanity-checking of allocations. @@ -98,6 +103,11 @@ Protocol: 31 (unchanged) ### ENHANCEMENTS: + - The default systemd config was made a bit stricter by default. For + instance, `ProtectHome=on` was added. You can override this using the + standard `systemctl edit rsync` and add a line to turn that off under a + `[Service]` heading. + - The use of `--backup-dir=STR` now implies `--backup`. - Added `--zl=NUM` as a short-hand for `--compress-level=NUM`. diff --git a/packaging/systemd/rsync.service b/packaging/systemd/rsync.service index fafe72b3..5955db9e 100644 --- a/packaging/systemd/rsync.service +++ b/packaging/systemd/rsync.service @@ -23,7 +23,7 @@ RestartSec=1 # See systemd.unit(5) and search for "drop-in" for full details. ProtectSystem=full -ProtectHome=on +#ProtectHome=on PrivateDevices=on NoNewPrivileges=on diff --git a/packaging/systemd/rsync@.service b/packaging/systemd/rsync@.service index e1f48da8..3168cb61 100644 --- a/packaging/systemd/rsync@.service +++ b/packaging/systemd/rsync@.service @@ -23,6 +23,6 @@ StandardError=journal # See systemd.unit(5) and search for "drop-in" for full details. ProtectSystem=full -ProtectHome=on +#ProtectHome=on PrivateDevices=on NoNewPrivileges=on -- The rsync repository. _______________________________________________ rsync-cvs mailing list rsync-cvs@lists.samba.org https://lists.samba.org/mailman/listinfo/rsync-cvs