Hello all, when the "write only = yes" option is used on rsync server, the client can't download any file from the server. My question is, if in that case the rsync protocol will allow the client to read the server directory content or not. The question is not about if standard rsync client will allow to do that - I verified that using "--list-only" client option fails in this case, but if the rsync protocol internally allows to do that or not - that is if e.g. if some hacked client would be able to get the list of remote dir. Thanks in advance for your reply, Pavel
--list-only (or no target specified) are the only listings without transferring that rsync supports. The restriction would not apply to the list of modules (IIRC there is another option for that). On 09/06/2017 04:00 AM, Pavel Kasparek via rsync wrote:> Hello all, > > when the "write only = yes" option is used on rsync server, the client > can't download any file from the server. > > My question is, if in that case the rsync protocol will allow the client > to read the server directory content or not. The question is not about > if standard rsync client will allow to do that - I verified that using > "--list-only" client option fails in this case, but if the rsync > protocol internally allows to do that or not - that is if e.g. if some > hacked client would be able to get the list of remote dir. > > Thanks in advance for your reply, > > Pavel > > > > >-- ~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._., Kevin Korb Phone: (407) 252-6853 Systems Administrator Internet: FutureQuest, Inc. Kevin at FutureQuest.net (work) Orlando, Florida kmk at sanitarium.net (personal) Web page: http://www.sanitarium.net/ PGP public key available on web site. ~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._., -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 224 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/rsync/attachments/20170906/f55e40f2/signature.sig>
On Wed, Sep 6, 2017 at 1:00 AM, Pavel Kasparek via rsync < rsync at lists.samba.org> wrote:> when the "write only = yes" option is used on rsync server, [... would a] > hacked client [...] be able to get the list of remote dir [?]It wouldn't work. The listing action is a special kind of read operation, and all read operations are denied by the server when "write only" is used. I'd also suggest that you specify "refuse options = delete" for a write-only module. ..wayne.. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.samba.org/pipermail/rsync/attachments/20171008/6a24f662/attachment.html>
On 10/08/2017 06:19 PM, Wayne Davison wrote:> On Wed, Sep 6, 2017 at 1:00 AM, Pavel Kasparek via rsync > <rsync at lists.samba.org <mailto:rsync at lists.samba.org>> wrote: > > when the "write only = yes" option is used on rsync server, [... > would a] hacked client [...] be able to get the list of remote dir [?] > > > It wouldn't work. The listing action is a special kind of read > operation, and all read operations are denied by the server when > "write only" is used. I'd also suggest that you specify "refuse > options = delete" for a write-only module. > > ..wayne.. >Perfect, thank you all for your replies. Pavel
Reasonably Related Threads
- Detection of permission changes
- Is there a parameter in rsync to clean $BACKUPDIR before writing to it (--backup-dir=$BACKUPDIR)?
- Is there a parameter in rsync to clean $BACKUPDIR before writing to it (--backup-dir=$BACKUPDIR)?
- How to discern when like dir names exist in 2 places
- How to discern when like dir names exist in 2 places