Re: rsync readonly mode?
> On May 27, 2026, at 14:08, Thor Simon via rsync wrote:
>
>> On Fri 10 Apr 2026, Kevin Korb via rsync wrote:
>>
>> I didn't mean that almost nobody uses the read only option in rsyncd.conf.
>> I meant that almost nobody uses rsyncd at all. Publishing publicly
>> available read only repositories is one of the things it is still used for.
>
> I disagree that "nobody uses rsyncd at all"

Right, MacPorts users receive their updates by syncing with a public rsync server.

--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

RE: rsync readonly mode?
I disagree that "nobody uses rsyncd at all" unless you mean specifically to exclude use of rsync in daemon mode over ssh transport or other secure transport.

I've seen it used (and still see it used) many places, and generally for the same reason - to enforce rsync configuration in a way the client cannot override, while obtaining the markedly superior security properties of SSH or TLS transport.

The typical patterns are either:

1) Force use of rsync as the user's login shell (note that OpenSSH "ForceCommand" is not sufficient if the user has access to write the underlying filesystem, as ForceCommand uses the login shell to execute the command, and can be spoofed if the user can write the shell startup files).

2) Put rsync --daemon behind stunnel or similar TLS-speaking proxy that can do the desired kind of authentication.

Thor

-----Original Message-----
From: rsync On Behalf Of Paul Slootman via rsync
Sent: Sunday, April 12, 2026 10:07 AM
To: [email protected]
Subject: Re: rsync readonly mode?

On Fri 10 Apr 2026, Kevin Korb via rsync wrote:
>
> I didn't mean that almost nobody uses the read only option in rsyncd.conf.
> I meant that almost nobody uses rsyncd at all. Publishing publicly
> available read only repositories is one of the things it is still used for.

I use it extensively for backups in our "private cloud" network, and elsewhere, together with appropriate firewall rules. I trust rsyncd with appropriate "hosts allow", "uid" and "read only = yes" in the module definitions more than hoping that no one ever makes an error in locking down root ssh access.

> Rsync over ssh isn't just about encryption it is also about the far
> superior authentication capabilities of ssh. Like ssh keys. This is
> especially important when rsyncing as root for system backups.

FWIW the (admittedly) simplistic rsync authentication can add a bit more security to an rsyncd setup.

Paul

Re: rsync readonly mode?
On Fri 10 Apr 2026, Kevin Korb via rsync wrote:
>
> I didn't mean that almost nobody uses the read only option in rsyncd.conf.
> I meant that almost nobody uses rsyncd at all. Publishing publicly
> available read only repositories is one of the things it is still used for.

I use it extensively for backups in our "private cloud" network, and elsewhere, together with appropriate firewall rules. I trust rsyncd with appropriate "hosts allow", "uid" and "read only = yes" in the module definitions more than hoping that no one ever makes an error in locking down root ssh access.

> Rsync over ssh isn't just about encryption it is also about the far superior
> authentication capabilities of ssh. Like ssh keys. This is especially
> important when rsyncing as root for system backups.

FWIW the (admittedly) simplistic rsync authentication can add a bit more security to an rsyncd setup.

Paul

Re: rsync readonly mode?
Rsync doesn't have a --readonly switch. Maybe you have a version with a patch?

I didn't mean that almost nobody uses the read only option in rsyncd.conf. I meant that almost nobody uses rsyncd at all. Publishing publicly available read only repositories is one of the things it is still used for.

Rsync over ssh isn't just about encryption it is also about the far superior authentication capabilities of ssh. Like ssh keys. This is especially important when rsyncing as root for system backups.

On 4/10/26 09:21, G.W. Haywood via rsync wrote:
> Hello again,
>
> On Thu, 9 Apr 2026, Kevin Korb via rsync wrote:
>> On 2026-04-09 10:29, G.W. Haywood via rsync wrote:
>> > On Thu, 9 Apr 2026, RolandK via rsync wrote:
>> > > ...
>> > > ...
>> > > wouldn't it be an interesting idea to have some feature/switch in
>> > > rsync, which can globally (on a per host basis) turn rsync
>> > > into "read-only" mode, i.e. which makes rsync binary drop any
>> > > capability of using write/modify/delete syscalls ?
>> > > ...
>> > > ...
>> >
>> > 1. Does the (default) "read only" module parameter not suffice?
>> >
>> > 2. Isn't the usual way to achieve the same global effect simply to run
>> > the utility under a UID that has no write permissions?
>>
>> Rsync doesn't have a read-only mode. Rsyncd does but almost nobody
>> uses that.
>
> Curious that almost nobody should be using it, it's in pretty much
> all of my rsyncd.conf files. Is there any particular reason why it
> should be so little used? Would you also conclude that almost nobody
> would use rsync's new --readonly switch?
>
>> This person is specifically using rsync over ssh not rsyncd.
>
> Yes, I noticed that. I almost never use rsync over ssh. If it's a
> remote connection I rely on OpenVPN. The encryption overhead can be
> off-loaded to other boxes that way too.
>
>> Yes, running as a user that can only read files is an excellent
>> solution. However, this is about full system backups which likely
>> contain files that only root can read. Sure, some --fake-super
>> trickery could be done but rrsync -ro is easier.
>
> 3. mount -o bind,ro / /mnt/fake-readonly-root
>
> ?
>
> Just trying to help. :)

Re: rsync readonly mode?
> On 10 Apr 2026, at 15:21, G.W. Haywood via rsync wrote:
>
> Hello again,
>
> On Thu, 9 Apr 2026, Kevin Korb via rsync wrote:
>> On 2026-04-09 10:29, G.W. Haywood via rsync wrote:
>> > On Thu, 9 Apr 2026, RolandK via rsync wrote:
>> > > ...
>> > > ...
>> > > wouldn't it be an interesting idea to have some feature/switch in
>> > > rsync, which can globally (on a per host basis) turn rsync
>> > > into "read-only" mode, i.e. which makes rsync binary drop any
>> > > capability of using write/modify/delete syscalls ?
>> > > ...
>> > > ...
>> >
>> > 1. Does the (default) "read only" module parameter not suffice?
>> >
>> > 2. Isn't the usual way to achieve the same global effect simply to run
>> > the utility under a UID that has no write permissions?
>>
>> Rsync doesn't have a read-only mode. Rsyncd does but almost nobody
>> uses that.
>
> Curious that almost nobody should be using it, it's in pretty much
> all of my rsyncd.conf files. Is there any particular reason why it
> should be so little used? Would you also conclude that almost nobody
> would use rsync's new --readonly switch?
>
>> This person is specifically using rsync over ssh not rsyncd.
>
> Yes, I noticed that. I almost never use rsync over ssh. If it's a
> remote connection I rely on OpenVPN. The encryption overhead can be
> off-loaded to other boxes that way too.
>
>> Yes, running as a user that can only read files is an excellent
>> solution. However, this is about full system backups which likely
>> contain files that only root can read. Sure, some --fake-super
>> trickery could be done but rrsync -ro is easier.
>
> 3. mount -o bind,ro / /mnt/fake-readonly-root

Genius!
Unless there's a catch I haven't thought of, I would certainly go in that direction if I had a need for it. Having ssh in for root enabled sounds so very scary. You could even have a "sandbox" machine for this, mounting over NFS?

Cheers,
Stein

> ?
>
> Just trying to help. :)
>
> --
>
> 73,
> Ged.

Re: rsync readonly mode?
Hello again,

On Thu, 9 Apr 2026, Kevin Korb via rsync wrote:
> On 2026-04-09 10:29, G.W. Haywood via rsync wrote:
> > On Thu, 9 Apr 2026, RolandK via rsync wrote:
> > > ...
> > > ...
> > > wouldn't it be an interesting idea to have some feature/switch in
> > > rsync, which can globally (on a per host basis) turn rsync
> > > into "read-only" mode, i.e. which makes rsync binary drop any
> > > capability of using write/modify/delete syscalls ?
> > > ...
> > > ...
> >
> > 1. Does the (default) "read only" module parameter not suffice?
> >
> > 2. Isn't the usual way to achieve the same global effect simply to run
> > the utility under a UID that has no write permissions?
>
> Rsync doesn't have a read-only mode. Rsyncd does but almost nobody uses that.

Curious that almost nobody should be using it, it's in pretty much all of my rsyncd.conf files. Is there any particular reason why it should be so little used? Would you also conclude that almost nobody would use rsync's new --readonly switch?

> This person is specifically using rsync over ssh not rsyncd.

Yes, I noticed that. I almost never use rsync over ssh. If it's a remote connection I rely on OpenVPN. The encryption overhead can be off-loaded to other boxes that way too.

> Yes, running as a user that can only read files is an excellent solution.
> However, this is about full system backups which likely contain files that
> only root can read. Sure, some --fake-super trickery could be done but
> rrsync -ro is easier.

3. mount -o bind,ro / /mnt/fake-readonly-root

?

Just trying to help. :)

--

73,
Ged.

Re: rsync readonly mode?
Rsync doesn't have a read-only mode. Rsyncd does but almost nobody uses that.

This person is specifically using rsync over ssh not rsyncd.

Yes, running as a user that can only read files is an excellent solution. However, this is about full system backups which likely contain files that only root can read. Sure, some --fake-super trickery could be done but rrsync -ro is easier.

On 2026-04-09 10:29, G.W. Haywood via rsync wrote:
> Hi there,
>
> On Thu, 9 Apr 2026, RolandK wrote:
>> ...
>> ...
>> wouldn't it be an interesting idea to have some feature/switch in
>> rsync, which can globally (on a per host basis) turn rsync into
>> "read-only" mode, i.e. which makes rsync binary drop any capability
>> of using write/modify/delete syscalls ?
>> ...
>> ...
>
> 1. Does the (default) "read only" module parameter not suffice?
>
> 2. Isn't the usual way to achieve the same global effect simply to run
> the utility under a UID that has no write permissions?

Re: rsync readonly mode?
Hi there,

On Thu, 9 Apr 2026, RolandK wrote:
> ...
> ...
> wouldn't it be an interesting idea to have some feature/switch in
> rsync, which can globally (on a per host basis) turn rsync into
> "read-only" mode, i.e. which makes rsync binary drop any capability
> of using write/modify/delete syscalls ?
> ...
> ...

1. Does the (default) "read only" module parameter not suffice?

2. Isn't the usual way to achieve the same global effect simply to run the utility under a UID that has no write permissions?

--

73,
Ged.

Re: rsync readonly mode?
On Apr 9, 2026, at 06:14, RolandK via rsync wrote:
>
> unfortunately, rrsync is not available on some platforms like macos, not even
> homebrew rsync 3.4.1 does bundle it (yet).

It looks like it's just a python script, so you can download it, save it anywhere, and use it.

https://raw.githubusercontent.com/RsyncProject/rsync/refs/heads/master/support/rrsync

However, now that I know it exists, I will also make it available in MacPorts.

Re: rsync readonly mode?
It used to be perl. If that works better for you, you can probably find that version somewhere.

Also, I said it was in the contrib dir but it is actually in the support dir (I was thinking of the OpenSSH source tree not rsync).

On 2026-04-09 07:33, Ryan Carsten Schmidt wrote:
> On Apr 9, 2026, at 06:14, RolandK via rsync wrote:
>> unfortunately, rrsync is not available on some platforms like macos, not even
>> homebrew rsync 3.4.1 does bundle it (yet).
>
> It looks like it's just a python script, so you can download it, save it
> anywhere, and use it.
>
> https://raw.githubusercontent.com/RsyncProject/rsync/refs/heads/master/support/rrsync
>
> However, now that I know it exists, I will also make it available in MacPorts.

Re: rsync readonly mode?
thanks, i have to admit i have underestimated rrsync.

looks like a powerful tool, and testing looks quite promising. it seems i need to do only minimal changes to our backup solution.

unfortunately, rrsync is not available on some platforms like macos, not even homebrew rsync 3.4.1 does bundle it (yet).

regards
Roland

On 08.04.26 at 18:22, Kevin Korb via rsync wrote:
> You can do this by restricting the ssh key to rrsync (comes with rsync in
> the contrib dir). It has a read only and a write only mode. If the path
> you give it is / then it is pretty much transparent unless one of those
> options is also used.
>
> Otherwise, you can use the rsyncd over ssh setup which is kinda ugly and
> would require the same forcing method to not just be optional.
>
> On 4/8/26 12:18, RolandK via rsync wrote:
>> Hello,
>>
>> we are using rsync mostly exclusively for backup purpose in "pull mode",
>> run via script from a central backup server.
>>
>> for that, we typically have allowed remote root login via ssh key. rsync
>> from the backup server pulls data from all hosts to be backed up via
>> ssh/rsync remote pipe. it's running great for years in conjunction with
>> zfs + inplace + rotating snapshots.
>>
>> besides the fact that we can use ssh security features to restrict what
>> commands can be run from remote - i am curious:
>>
>> wouldn't it be an interesting idea to have some feature/switch in rsync,
>> which can globally (on a per host basis) turn rsync into "read-only" mode,
>> i.e. which makes rsync binary drop any capability of using
>> write/modify/delete syscalls ?
>>
>> maybe via some hard-coded /etc/rsync.conf , checked on startup ?
>>
>> does this sound reasonable and would someone find this useful, too ?
>>
>> regards
>> roland

Re: rsync readonly mode?
You can do this by restricting the ssh key to rrsync (comes with rsync in the contrib dir). It has a read only and a write only mode. If the path you give it is / then it is pretty much transparent unless one of those options is also used.

Otherwise, you can use the rsyncd over ssh setup which is kinda ugly and would require the same forcing method to not just be optional.

On 4/8/26 12:18, RolandK via rsync wrote:
> Hello,
>
> we are using rsync mostly exclusively for backup purpose in "pull mode",
> run via script from a central backup server.
>
> for that, we typically have allowed remote root login via ssh key. rsync
> from the backup server pulls data from all hosts to be backed up via
> ssh/rsync remote pipe. it's running great for years in conjunction with
> zfs + inplace + rotating snapshots.
>
> besides the fact that we can use ssh security features to restrict what
> commands can be run from remote - i am curious:
>
> wouldn't it be an interesting idea to have some feature/switch in rsync,
> which can globally (on a per host basis) turn rsync into "read-only" mode,
> i.e. which makes rsync binary drop any capability of using
> write/modify/delete syscalls ?
>
> maybe via some hard-coded /etc/rsync.conf , checked on startup ?
>
> does this sound reasonable and would someone find this useful, too ?
>
> regards
> roland
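
One way to check the setup described in the message above (ssh keys restricted to rrsync, here in its read-only mode), as an added example that is not part of the original thread or of the rsync project: a POSIX shell/awk audit of an authorized_keys file. The sample keys are constructed placeholders, the function names are hypothetical, and additionally requiring OpenSSH's `restrict` key option is an assumed policy that the thread does not state.

```shell
#!/bin/sh
# Added example: flag authorized_keys entries not pinned to "rrsync -ro".
# Key material and comments below are constructed placeholders.

sample_keys() {
    cat <<'EOF'
# constructed sample: root's authorized_keys on a backed-up host
restrict,command="rrsync -ro /" ssh-ed25519 AAAAPLACEHOLDER1 backup@server
command="/usr/local/bin/rrsync -ro /" ssh-ed25519 AAAAPLACEHOLDER2 backup@server
restrict,command="rrsync /srv" ssh-ed25519 AAAAPLACEHOLDER3 sync@server
ssh-ed25519 AAAAPLACEHOLDER4 admin@laptop
EOF
}

# Print "<line number> <verdict>" for every key line in the file(s) or stdin.
audit_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        # No options field at all: the key gives a normal login.
        if (line ~ /^(ssh-|ecdsa-|sk-)/) { print NR, "unrestricted"; next }

        # The options field ends at the first whitespace outside quotes.
        inq = 0; n = length(line)
        for (i = 1; i <= n; i++) {
            c = substr(line, i, 1)
            if (c == "\"") inq = !inq
            else if (!inq && c ~ /[ \t]/) break
        }
        opts = substr(line, 1, i - 1)

        # The forced command must be rrsync and must carry -ro.
        cmd = ""
        if (match(opts, /command="[^"]*"/))
            cmd = substr(opts, RSTART + 9, RLENGTH - 10)
        if (cmd !~ /^([^ \t]*\/)?rrsync / || cmd !~ / -ro /) {
            print NR, "not-rrsync-ro"; next
        }

        # Assumed policy: also require "restrict" (no pty, no forwarding).
        bare = opts
        gsub(/"[^"]*"/, "", bare)
        if (("," bare ",") !~ /,restrict,/) { print NR, "no-restrict"; next }
        print NR, "ok"
    }' "$@"
}

# Number of key lines that fail the policy.
count_findings() {
    audit_keys "$@" | awk '$2 != "ok" { n++ } END { print n + 0 }'
}

sample_keys | audit_keys
```

Pass a real file as the argument, for example `audit_keys /root/.ssh/authorized_keys`; escaped quotes inside option values are not handled by this parser.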
