Hi there, this is my first posting to this list, so let me quickly introduce myself. I'm Alex and currently working on a new version of the rsync package for the eisfair Linux distribution?. I have some problems understanding the behaviour of the 'auth users' option in the rsyncd.conf file when running rsync in daemon mode. I set up a module and a secrets file. This is the behaviour I came across: Setting 'auth users = alice bob', 'auth users = alice,bob', and 'auth users = alice, bob' all seem to be equivalent. In each of these three cases I can successfully connect to the daemon, which asks for a password then. On providing a wrong password or a username different from 'alice' or 'bob' the rsync daemon denies a connection. This is more or less what I expected from this sentence in the manpage: This parameter specifies a comma and space-separated list of usernames that will be allowed to connect to this module. If I omit or outcomment the 'auth users' line, everyone is allowed to connect and this is also how I understood the manpage. Now if I use the following line, also everyone is allowed to connect: auth users So if I don't put any username there, it's like I would have omitted the line. This is not quite what I expected. This may be senseless but I would have expected, the rsync daemon would deny everyone to connect then, because he would check an empty list against the secrets file. Is there a way to accomplish this behaviour, denying access? Or maybe a similar behaviour without dropping the whole section of this module from the config file and without changing any of the other parameters configured in this module? Greets Alex ? http://www.eisfair.org/ -- ?With the first link, the chain is forged. The first speech censured, the first thought forbidden, the first freedom denied, chains us all irrevocably.? (Jean-Luc Picard, quoting Judge Aaron Satie) *** GnuPG-FP: 02C8 A590 7FE5 CA5F 3601 D1D5 8FBA 7744 CC87 10D0 *** -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/rsync/attachments/20100121/c5b4f6e4/attachment.pgp>
On Thu 21 Jan 2010, Alexander Dahl wrote:> > If I omit or outcomment the 'auth users' line, everyone is allowed to > connect and this is also how I understood the manpage. > > Now if I use the following line, also everyone is allowed to connect: > > auth users > > So if I don't put any username there, it's like I would have omitted the > line. This is not quite what I expected. This may be senseless but IActually it's exactly what I would have expected, not specifying a list is the same as leaving the list empty, which "auth users = " without any names does. I guess it's a matter of point of view :-)> would have expected, the rsync daemon would deny everyone to connect > then, because he would check an empty list against the secrets file. Is > there a way to accomplish this behaviour, denying access? Or maybe aPut a user in there that doesn't exist in the password file? Paul
do you mean this? auth users = non-exist user? On Fri, Jan 22, 2010 at 02:03, Alexander Dahl <post at lespocky.de> wrote:> Hi there, > > this is my first posting to this list, so let me quickly introduce > myself. I'm Alex and currently working on a new version of the rsync > package for the eisfair Linux distribution?. > > I have some problems understanding the behaviour of the 'auth users' > option in the rsyncd.conf file when running rsync in daemon mode. I set > up a module and a secrets file. This is the behaviour I came across: > > Setting 'auth users = alice bob', 'auth users = alice,bob', and > 'auth users = alice, bob' all seem to be equivalent. In each of these > three cases I can successfully connect to the daemon, which asks for a > password then. On providing a wrong password or a username different > from 'alice' or 'bob' the rsync daemon denies a connection. This is more > or less what I expected from this sentence in the manpage: > > ?This parameter specifies a comma and space-separated list of usernames > ?that will be allowed to connect to this module. > > If I omit or outcomment the 'auth users' line, everyone is allowed to > connect and this is also how I understood the manpage. > > Now if I use the following line, also everyone is allowed to connect: > > ?auth users > > So if I don't put any username there, it's like I would have omitted the > line. This is not quite what I expected. This may be senseless but I > would have expected, the rsync daemon would deny everyone to connect > then, because he would check an empty list against the secrets file. Is > there a way to accomplish this behaviour, denying access? Or maybe a > similar behaviour without dropping the whole section of this module from > the config file and without changing any of the other parameters > configured in this module? > > Greets > Alex > > ? http://www.eisfair.org/ > > -- > ?With the first link, the chain is forged. The first speech censured, > the first thought forbidden, the first freedom denied, chains us all > irrevocably.? (Jean-Luc Picard, quoting Judge Aaron Satie) > *** GnuPG-FP: 02C8 A590 7FE5 CA5F 3601 ?D1D5 8FBA 7744 CC87 10D0 *** > > > -- > Please use reply-all for most replies to avoid omitting the mailing list. > To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync > Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html >-- contact me: MSN: walkerxk at gmail.com,walkerxk at hotmail.com GTALK: walkerxk at gmail.com QQ:25329680