With ssh all subfolders and files in the user's home dir are available for sync. This might be a question about protocol versions, BUT this is a HUGE security risk.

All data should be after this point:

Rsyncd server version:

[carlsen@christina carlsen]$ rsync --version
rsync version 2.5.5 protocol version 26
Copyright (C) 1996-2002 by Andrew Tridgell and others
<http://rsync.samba.org/>
Capabilities: 64-bit files, socketpairs, hard links, symlinks, batchfiles, IPv6, 64-bit system inums, 64-bit internal inums

rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions. See the GNU
General Public Licence for details.
[carlsen@christina carlsen]$

rsync client:

silver:~rsync --version
rsync version 2.6.2 protocol version 28
Copyright (C) 1996-2004 by Andrew Tridgell and others
<http://rsync.samba.org/>
Capabilities: 64-bit files, socketpairs, hard links, symlinks, batchfiles, IPv6, 32-bit system inums, 64-bit internal inums

rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions. See the GNU
General Public Licence for details.
silver:~>

File: rsyncd.conf:

max connections = 2
log file = /var/log/rsync.log
timeout = 300

[selskab]
comment = /home/carlsen/selskab
path = /home/carlsen/selskab
read only = no
list = yes
uid = carlsen
gid = carlsen
auth users = carlsen
secrets file = /etc/rsyncd.secrets

[vandvaerk]
comment = /work/Work/Vandvaerk
path = /work/Work/Vandvaerk
read only = no
list = yes
uid = carlsen
gid = carlsen
# auth users = carlsen
# secrets file = /etc/rsyncd.secrets

[regnskab]
comment = /home/carlsen/Regnskab
path = /home/carlsen/Regnskab
read only = no
list = yes
uid = carlsen
gid = carlsen
# auth users = carlsen
# secrets file = /etc/rsyncd.secrets

From client direct connection:

silver:~>rsync christina::
selskab /home/carlsen/selskab
vandvaerk /work/Work/Vandvaerk
regnskab /home/carlsen/Regnskab
silver:~>

From client via ssh:

silver:~>rsync christina:
Enter passphrase for key '/Users/carlsen/.ssh/id_rsa':
drwx------ 4096 2005/01/02 22:31:19 .
-rw-r--r-- 12292 2005/01/02 18:18:29 .DS_Store
-rw------- 193 2004/08/08 22:01:43 .ICEauthority
drwx------ 4096 2003/10/12 19:15:07 .Trash
-rw------- 185 2005/01/02 13:14:32 .Xauthority
-rw------- 10359 2005/01/02 17:52:33 .bash_history
-rw-r--r-- 24 2003/02/11 14:34:44 .bash_logout
-rw-r--r-- 191 2003/02/11 14:34:44 .bash_profile
-rw-r--r-- 124 2003/02/11 14:34:44 .bashrc
-rw-r--r-- 5531 2003/02/04 10:32:13 .canna
drwx------ 4096 2003/08/05 00:50:28 .cedit
-rw-r--r-- 847 2003/02/20 07:41:26 .emacs
-rw------- 16 2003/08/04 02:33:07 .esd_auth
-rw------- 66 2005/01/03 00:02:17 .fetchids
-rw-r--r-- 1730292 2005/01/03 00:02:17 .fetchmail.log
-rw------- 9 2004/08/29 17:39:36 .fetchmail.pid
-rw------- 749 2003/12/30 03:11:16 .fetchmailrc
-rw------- 749 2003/11/01 13:56:36 .fetchmailrc.test
-rw------- 737 2003/11/27 10:20:58 .fetchmailrc.work
-rw-r--r-- 39817 2004/12/19 14:11:58 .fonts.cache-1
drwxr-xr-x 4096 2003/09/23 22:44:27 .fullcircle
drwx------ 4096 2004/12/19 14:12:40 .gconf
drwx------ 4096 2004/12/19 14:12:40 .gconfd
drwx------ 4096 2003/08/04 00:29:20 .gftp
drwx------ 4096 2004/03/07 21:40:03 .gnome
drwxr-xr-x 4096 2003/10/12 19:14:58 .gnome-desktop
drwxr-xr-x 4096 2004/08/08 22:01:34 .gnome2
drwx------ 4096 2003/08/04 00:38:51 .gnome2_private
drwx------ 4096 2003/10/17 16:38:06 .gnome_private
drwxr-xr-x 4096 2003/08/31 14:37:30 .gstreamer
-rw-r--r-- 120 2003/02/27 00:15:12 .gtkrc
-rw-r--r-- 138 2003/08/04 00:38:57 .gtkrc-1.2-gnome2
drwxr-xr-x 4096 2003/08/04 01:50:12 .kde
drwx------ 4096 2003/10/09 20:52:49 .macromedia
-rw-r--r-- 5200 2004/12/29 13:04:24 .mailboxlist
-rw-r--r-- 1541 2003/09/27 14:22:06 .mailcap
drwxr-xr-x 4096 2005/01/02 20:02:12 .mc
drwx------ 4096 2003/08/04 00:39:24 .metacity
-rw-r--r-- 635 2003/09/27 14:22:06 .mime.types
drwx------ 4096 2003/08/04 01:38:33 .mozilla
drwxr-xr-x 4096 2003/08/04 00:39:14 .nautilus
drwxr-xr-x 4096 2003/09/27 14:22:01 .netscape
drwxr-xr-x 4096 2003/09/27 14:22:01 .netscape6
drwxr-xr-x 4096 2003/09/27 14:22:19 .openoffice
drwx------ 4096 2003/08/04 01:50:36 .qt
-rw------- 1485 2004/08/08 21:49:17 .recently-used
-rw------- 497 2003/08/04 00:39:24 .rhn-applet.conf
drwx------ 4096 2003/11/02 16:20:18 .ssh
-rw-r--r-- 69 2003/09/27 14:22:10 .sversionrc
drwx------ 4096 2003/08/31 14:37:25 .thumbnails
-rw-r--r-- 33 2004/05/24 01:30:16 .toprc
-rw-r--r-- 2048 2003/09/27 14:22:35 .user60.rdb
-rw------- 9132 2003/11/15 23:00:45 .viminfo
drwxr-xr-x 4096 2003/08/04 00:24:48 .xemacs
-rw-r--r-- 9096 2003/10/11 22:16:37 .xscreensaver
-rw------- 960 2003/11/28 00:19:14 .xsession-errors
drwxr-xr-x 4096 2004/11/08 22:10:49 Bank
drwxr-xr-x 4096 2004/07/22 21:16:05 Bil
drwxr-xr-x 4096 2004/07/17 19:03:32 Billeder
-rw------- 53457 2004/12/28 03:53:10 Drafts
drwxr-xr-x 4096 2001/08/26 17:32:50 Ferie2001
drwxr-xr-x 4096 2003/07/19 18:16:43 Hus
-rw------- 571 2004/06/07 09:01:09 Junk
drwxr-xr-x 4096 2004/02/21 23:27:49 MMC-card contents
drwxr-xr-x 4096 2004/12/31 01:34:30 OpenCA
drwx------ 4096 2005/01/02 22:55:13 Passwords and registrations
drwxr-xr-x 4096 2005/01/02 19:56:04 Regnskab
drwxr-xr-x 4096 2003/03/20 21:19:21 Skat
drwxr-xr-x 4096 2001/08/26 17:31:54 Sus
-rw------- 78672 2005/01/02 22:31:19 Trash
drwxr-xr-x 4096 2003/07/06 03:07:59 address-book
drwxr-xr-x 4096 2002/02/07 20:49:23 apache
drwxr-xr-x 4096 2005/01/02 04:39:57 bin
drwxr-xr-x 4096 2004/12/26 18:52:15 download
drwx------ 4096 2004/03/07 21:41:12 evolution
drwxr-xr-x 4096 2004/12/26 14:02:55 home
drwx------ 4096 2005/01/03 00:03:36 mail
drwxr-xr-x 4096 2003/03/20 20:07:39 nette
drwxr-xr-x 4096 2002/02/02 17:40:26 pppoe
drwxr-xr-x 4096 2002/05/26 22:18:38 public_html
drwxr-xr-x 4096 2004/12/26 13:31:00 selskab
drwxr-xr-x 4096 2005/01/02 18:18:28 tmp
drwxr-xr-x 4096 2004/12/29 19:26:30 vandvaerk
silver:~>
If the user has ssh access to a system, they can run any command they wish, including "rm" or "bash", so it is not a security risk that rsync also lets them access/manipulate all the same files as any other command. You may wish to look into ssh's restricted command features if you don't wish to let users run certain commands via ssh (such as rsync). If you're wanting to secure the daemon mode access, use some kind of tunnel, such as stunnel to secure the socket connections: http://www.stunnel.org/examples/rsync_mike.html
The other half of the bug is that it does not allow transfers to folders outside my own home. At least not directly from the command line. Have I missed a way to do that? My point with this is that I actually found this bug by doing sync of the exact same data with the exact same command line from the exact same folder and the result was that I had two different synchronised datasets. Basically it does not seem to use rsyncd.conf when going over ssh. What did I miss?
(In reply to comment #2)
> Basically it does not seem to use rsyncd.conf when going over ssh.

That's the difference between daemon mode and remote-shell mode. See the docs:

http://rsync.samba.org/ftp/rsync/rsync.html

The difference has nothing to do with ssh and everything to do with using either ":" or "::" -- yes, they're radically different.
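
Added example, not part of the original thread and not rsync project code: a Python sketch of the two checks the discussion turns on. It classifies an rsync argument as daemon mode ("::" or rsync://, where rsyncd.conf applies) or remote-shell mode (single ":", where only the account's shell access applies), and it lists the rsyncd.conf modules that accept writes without "auth users". The function names are hypothetical, the parser is a simplified reading of the rsyncd.conf format, and the embedded config is the reporter's, trimmed to its access-control parameters.

```python
# Reporter's rsyncd.conf, trimmed to the access-control parameters (sample input).
RSYNCD_CONF = """\
[selskab]
path = /home/carlsen/selskab
read only = no
auth users = carlsen
[vandvaerk]
path = /work/Work/Vandvaerk
read only = no
# auth users = carlsen
[regnskab]
path = /home/carlsen/Regnskab
read only = no
# auth users = carlsen
"""

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}); lines starting with '#' are comments."""
    glob, modules = {}, {}
    current = glob  # parameters before the first [module] are global defaults
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)  # only the first '=' is significant
            current[" ".join(key.lower().split())] = value.strip()
    return glob, modules

def unauthenticated_writable(text):
    """Names of modules with 'read only' switched off and no 'auth users' set."""
    glob, modules = parse_rsyncd_conf(text)
    flagged = []
    for name, params in modules.items():
        eff = {**glob, **params}  # module settings override global defaults
        writable = eff.get("read only", "yes").lower() in ("no", "false", "0")
        if writable and not eff.get("auth users", ""):
            flagged.append(name)
    return flagged

def transfer_mode(spec):
    """Classify an rsync source/destination: 'daemon', 'remote-shell' or 'local'."""
    if spec.startswith("rsync://"):
        return "daemon"
    host, sep, rest = spec.partition(":")
    if not sep or "/" in host:  # no colon, or the colon is inside a path
        return "local"
    return "daemon" if rest.startswith(":") else "remote-shell"
```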