> On 10 Apr 2026, at 15:21, G.W. Haywood via rsync <[email protected]> > wrote: > > Hello again, > > On Thu, 9 Apr 2026, Kevin Korb via rsync wrote: >> On 2026-04-09 10:29, G.W. Haywood via rsync wrote: >> > On Thu, 9 Apr 2026, RolandK via rsync wrote: >> > > > ... >> > > ... >> > > wouldn't it be an interesting idea to have some feature/switch in >> > > rsync, which can globally (on a per host basis) turn rsync >> > > into "read-only" mode, i.e. which makes rsync binary drop any >> > > capability of using write/modify/delete syscalls ? >> > > ... >> > > ... >> > > 1. Does the (default) "read only" module parameter not suffice? >> > > 2. Isn't the usual way to achieve the same global effect simply to run >> > the utlilty under a UID that has no write permissions? >> > Rsync doesn't have a read-only mode. Rsyncd does but almost nobody >> uses that. > > Curious that almost nobody should be using it, it's in pretty much > all of my rsyncd.conf files. Is there any particular reason why it > should be so little used? Would you also conclude that almost nobody > would use rsync's new --readonly switch? > >> This person is specifically using rsync over ssh not rsyncd. > > Yes, I noticed that. I almost never use rsync over ssh. If it's a > remote connection I rely on OpenVPN. The encryption overhead can be > off-loaded to other boxes that way too. > >> Yes, running as a user that can only read files is an excellent >> solution. However, this is about full system backups which likely >> contain files that only root can read. Sure, some --fake-super >> trickery could be done but rrsync -ro is easier. > > 3. mount -o bind,ro / /mnt/fake-readonly-root
Genius! Unless there's a catch I haven't thought of, I would certainly go in that direction if I had a need for it. Having ssh in for root enabled sounds so very scary. You could even have a "sandbox" machine for this, mounting over NFS? Cheers, Stein > > ? > > Just trying to help. :) > > -- > > 73, > Ged. > > -- > Please use reply-all for most replies to avoid omitting the mailing list. > To unsubscribe or change options: > https://lists.samba.org/mailman/listinfo/rsync > Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
