Hi Tim,
Just so I get this right
In the /etc/rsyncd.conf on the server end I'll put:
##
uid = matt
gid = matt
#auth users = yes
secrets file = /etc/rsyncd.secrets
[apps]
auth users = apps
path=/home/apps
read only=false
[projects]
auth users = projects
path=/home/projects
read only=true
##
Format of /etc/rsyncd.secrets:
##
[apps]
[EMAIL PROTECTED]:abcd
[projects]
[EMAIL PROTECTED]:abcd
##
chmod 600 /etc/rsyncd.secrets
On the client side:
Under unix uid: simpson
##
rsync -options --password-file=~.rsyncpw [EMAIL PROTECTED]::apps /home/apps
rsync -options --password-file=~.rsyncpw
[EMAIL PROTECTED]::projects /home/projects
##
or in ~simpson/.bash_profile: export RSYNC_PASSWORD=abcd
~.rsyncpw:
##
abcd
##
Will this work?
Thanks,
Matt
Not every module as such, but every rsyncd user (these are independent of
unix UID) has a seperately defined password, and furthermore, each module
can specify its own list of authorized rsyncd users, as well as its own
secrets file, so you can effectively accomplish what you want. To make it
easier to keep track, i'd suggest one big secrets file, containing module
names and passwords, and for each module, make auth users = module name,
so you users will then use
modulename@server::modulename and either --password-file= or set
RSYNC_PASSWORD appropriately. Of course, it would probably be easier for
all concerned to use a single secrets file with entries for each user you
want to let in, then control each modules access by the auth users list.
Tim Conway
[EMAIL PROTECTED]
303.682.4917
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM
perl -e 'print pack(,
19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970),
.\n '
There are some who call me Tim?
Matthew Simpson [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
04/28/2002 05:05 AM
To: Tim Conway/LMT/SC/PHILIPS@AMEC
cc: [EMAIL PROTECTED]
Subject:Re: Dynamic address problem
Classification:
Hi Tim
Sounds good, What would the best way to do this be? Can each module
in the rsync.conf file have a different password? I noticed the
--password-file directive for the client side, but how do I set the
client side to ask for a password?
Matt
How about switching to password authentication? Makes you spoof-proof.
Anybody who can sniff your network to get the plaintext can probably
spoof
your IP anyway, so you lose no security(probably gain a bit), and this
doesn't have to wait for dns registration to propogate.
Tim Conway
[EMAIL PROTECTED]
303.682.4917
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM
perl -e 'print pack(,
19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970),
.\n '
There are some who call me Tim?
Michael Zimmermann [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
04/24/2002 02:13 AM
To: Matthew Simpson [EMAIL PROTECTED]
[EMAIL PROTECTED]
cc: (bcc: Tim Conway/LMT/SC/PHILIPS)
Subject:Re: Dynamic address problem
Classification:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At Wednesday 24 April 2002 08:19 Matthew Simpson wrote:
We have clients which dynamic IPs which we have setup with
host.dyndns.org addresses. We have added these to the rsync.conf
'hosts allow= but they are being denied access..
I assume that this could be DNS-update (resp. -actuality) Problem.
Are you sure, that at the moment rsync is called, the server's
DNS-resolver delivers the correct IP?
Greetings
- --
Michael Zimmermann (Vegaa Safety and Security for Internet Services)
[EMAIL PROTECTED] phone +49 89 6283 7632hotline +49 163 823 1195
Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8xmku72vu22ltWBERAs8nAJ9e/d6YKhN2C6dS9gEUb3vTf0Qy+ACfScnQ
oFtr/HHD33pKfl1pp6LtvDY=
=CP1w
-END PGP SIGNATURE-
--
To unsubscribe or change options:
http://lists.samba.org/mailman/listinfo/rsync
Before posting, read:
http://www.tuxedo.org/~esr/faqs/smart-questions.html
--
To unsubscribe or change options:
http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
--
To unsubscribe or change options:
http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
--
To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html