rsync - Feb 2002 - Path restriction in RSync

Hi,

I am loosing myself here. Please correct me as I obviously don't get it yet.

I read the information on multiple sites so far about rsync and I thought
that:

[simple_path_name]
   path = /rsync_files_here
   comment = My Very Own Rsync Server
   uid = nobody
   gid = nobody
   read only = no
   list = yes
   auth users = username
   secrets file = /etc/rsyncd.scrt

Would actually limit where a remote connection could get information from.

So, I thought that the [] section would define a name and mostly a path from
witch you would have access from like in Samba.

Then that you would be lock there, so you couldn't go about that path.

Also, it is said that rsync should run as root, ok I would prefer not, but I
can deal with that.

So, the only way so far that I was able to limit the access for the transfer
was to have rsync run under a different use, but this would limit to that
user right only.

So, I need help to understand this or better yet, a pointer someplace that
would explain it right.

Right now, it does work, but not how I would expect it.

I could get file transfer from the root of the system for example as rsyn on
the server run as root, but wouldn't if I set it up to use a different user.
I guess it is very stupid, but I obviously don't get something here.

Can anyone put light on me please!

Many thanks for you time.

Daniel

Details:
Server run rsync as daemon under root and use ssh

webfarm1# more /etc/rsyncd.conf
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock

uid = nobody
gid = nobody
read only = yes
list = yes

[www]
        path = /path/to/a/series of web sites
        comment = This is the root fo the Web Sites.

[your web site]
        path = /path/to/your web site
        comment = Your web site.

Am I wrong by thinking that so far with all my test that the module options
are useless when you are doing rsync +ssh.

Why I am saying this is that even is I have a section

[module]
hosts allow 192.168.2.2
etc.

and my IP address is not that one, I still get access to the rsync server
and can transfer files.

The manual said that the module options are local, not global.

So, I try to not have any and I still have access to the rsync server and I
can't limit the access with hosts allow.

So, in short, what I am not getting.

Is all the options can't apply globally to configure a server, then have
module section and that the only way to control access and restriction would
be with the user name on the system itself under witch rsync would run as a
daemon?

More I read and test, and more I am getting lost.

Thanks

Daniel