Mud: rsync configuration file details
This article was sponsored by Xiuyi linfeng and first launched in the dark world.
The most important and most complex part of an rsync server is its configuration. The configuration file of the rsync server is /etc/rsyncd.conf, which controls authentication, access, and logging.
Note: Unlike mysql, nginx, or apache, rsync does not give you a template for this configuration file after installation.
This file can only be created manually, but a template for it is provided on the official rsync website:
http://rsync.samba.org/ftp/rsync/rsyncd.conf.html
This file is composed of one or more modules. A module definition starts with the module name in square brackets and continues until the definition of the next module or the end of the file.
A module contains parameter definitions in the format name = value. Each module corresponds to a directory tree to be backed up. For example, if the actual environment has three directory trees to be backed up, /www/, /home/web_user1/, and /home/web_user2/, you need to define three modules in the configuration file, one for each directory tree.
The configuration file is line-oriented, that is, each new line represents a new comment, module definition, or parameter assignment. A line starting with # is a comment, and a line ending with "\" indicates that the following line is its continuation. The value after the equals sign may be a case-insensitive string or a Boolean value written as true/false or yes/no.
Global Parameters
In the file, all parameters before the first [module] are global parameters. You can also define module parameters in the global parameters section; in that case, the value given there is the default for all modules.
motd file
The "motd file" parameter specifies a message file. When a client connects to the server, the file's content is displayed to the client. By default, there is no motd file. This file does not affect the normal use of rsync.
log file
"log file" specifies the log file of rsync; rsync writes its log there instead of sending it to syslog.
pid file
Specifies the pid file of rsync.
syslog facility
Specifies the syslog facility that rsync uses when it sends log messages to syslog. Common facility names are: auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news, security, syslog, user, uucp, local0, local1, local2, local3, local4, local5, local6, and local7. The default value is daemon.
Module Parameters
One or more modules need to be defined after global parameters. The following parameters can be defined in the module:
comment
Specifies a description for the module. This description, together with the module name, is displayed to the client when the client requests the module list. No description is defined by default.
path
Specifies the directory tree path that this module backs up. This parameter must be specified.
use chroot
If "use chroot" is set to true, rsync first chroots to the directory specified by the path parameter before transferring files. This provides additional security protection, but the disadvantages are that root permission is required and that files which symbolic links point to outside the directory tree cannot be backed up. The default value is true.
max connections
Specifies the maximum number of concurrent connections for this module, to protect the server. Clients whose connection requests exceed the limit are told to try again later. The default value is 0, that is, there is no limit.
lock file
Specifies the lock file that supports the max connections parameter. The default value is /var/run/rsyncd.lock.
read only
This option determines whether clients may upload files. If this parameter is set to true, all upload requests fail. If it is set to false, uploads succeed as long as the read/write permissions of the server directory permit them. The default value is true.
list
This option sets whether the module is listed when a client requests the list of available modules. Setting this option to false creates a hidden module. The default value is true.
uid
This option specifies the uid that the daemon should run as when files are transferred for this module. Together with the gid option, it determines which files can be accessed according to their permissions. The default value is "nobody".
gid
This option specifies the gid that the daemon should run as when files are transferred for this module. The default value is "nobody".
exclude
Specifies a space-separated list of patterns to add to the exclude list. This is equivalent to using --exclude in the client command. However, the exclude patterns specified in the configuration file are not passed to the client; they are applied only on the server. A module can specify only one exclude option, but you can put "-" or "+" before a pattern to mark it as an exclude or an include.
Note, however, that this option has certain security issues: the client may be able to bypass the exclude list. If you want to ensure that a specific file cannot be accessed, it is best to use the uid/gid options together with it.
exclude from
Specifies the name of a file that contains exclude pattern definitions. The server reads the exclude list from this file.
include
Specifies a space-separated list of include patterns. This is equivalent to using --include in the client command. You can combine include and exclude to define complex exclude/include rules. A module can specify only one include option, but you can put "-" or "+" before a pattern to mark it as an exclude or an include.
include from
Specifies the name of a file that contains include pattern definitions. The server reads the include list from this file.
auth users
This option specifies a list of usernames separated by spaces or commas. Only these users can connect to this module. The users here have nothing to do with system users. If "auth users" is set, a client that connects to this module is challenged by rsync to authenticate itself. A challenge/response authentication protocol is used. The usernames and passwords are stored in plaintext in the file specified by the "secrets file" option. By default, the module can be connected to without a password (that is, anonymous mode).
secrets file
This option specifies a file that contains username:password pairs. This file is used only when "auth users" is defined. Each line of the file contains one username:passwd pair. Generally, the password should not exceed 8 characters. There is no default secrets file name; you must specify one (for example, /etc/rsyncd.secrets).
strict modes
This option specifies whether the permissions of the secrets file are checked. If this option is set to true, the secrets file must be accessible only to the user that the rsync server runs as, and no other user may have access to the file. The default value is true.
hosts allow
This option specifies which clients are allowed to connect to the module. Client patterns can be defined in the following forms:
A single IP address. Only the client host whose address matches exactly is allowed. Example: 192.167.0.1
a.b.c.d/n. All clients in this network can connect to this module. Example: 192.168.0.0/24
a.b.c.d/e.f.g.h. All clients in this network can connect to this module. Example: 192.168.0.0/255.255.255.0
A host name. Access is allowed only when the client host has this host name, for example, backup.linuxaid.com.cn.
*.linuxaid.com.cn. All hosts in this domain are allowed.
By default, all hosts are allowed to connect.
hosts deny
Specifies the hosts that are not allowed to connect to the rsync server. They are defined in the same forms as for hosts allow. hosts deny is not defined by default.
ignore errors
Specifies that rsyncd ignores IO errors on the server when deciding whether to run the delete operation during a transfer. Normally, rsync skips the --delete operation when an IO error occurs, to prevent serious problems caused by a temporary lack of resources or other IO errors.
ignore nonreadable
Specifies that the rsync server completely ignores files that the user cannot read. This makes sense when some files in the directory to be backed up should not be available to the user performing the backup.
transfer logging
Makes the rsync server record download and upload operations in an ftp-style format in its own separate log.
log format
With this option, you can customize the fields that transfer logging writes to the log file. The format is a string containing format specifiers. The following specifiers can be used:
%h remote host name
%a remote IP address
%l file length in bytes
%p process id of the rsync session
%o operation type: "send" or "recv"
%f file name
%P module path
%m module name
%t current time
%u authenticated user name (null when anonymous)
%b number of bytes actually transmitted
%c when a file is sent, this field records the file's checksum
The default log format is "%o %h [%a] %m (%u) %f %l". Generally, "%t [%p] " is added at the start of each line. A perl script named rsyncstats is distributed with the source code to collect statistics from log files in this format.
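The following Python code is an added example, not part of the original article or of rsync. It parses transfer log lines in the default layout described above and picks out anonymous uploads ("recv" with an empty %u). The sample lines and the timestamp layout are constructed assumptions.

```python
import re

# Layout from the text: "%t [%p] " prefix, then "%o %h [%a] %m (%u) %f %l".
# Assumption: %t is rendered as yyyy/mm/dd hh:mm:ss.
LINE = re.compile(
    r"^(?P<time>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<pid>\d+)\] "
    r"(?P<op>send|recv) (?P<host>\S+) \[(?P<addr>[^\]]+)\] "
    r"(?P<module>\S+) \((?P<user>[^)]*)\) (?P<file>.+) (?P<length>\d+)$"
)

# Constructed sample log lines, including one non-transfer line and a
# file name that contains a space.
SAMPLE_LOG = """\
2024/03/01 02:00:01 [4121] send backup.linuxaid.com.cn [192.168.0.10] www (backup) index.html 5120
2024/03/01 02:00:02 [4121] send backup.linuxaid.com.cn [192.168.0.10] www (backup) img/site logo.png 20480
2024/03/01 03:17:43 [4188] connect from UNKNOWN (203.0.113.7)
2024/03/01 03:17:44 [4188] recv UNKNOWN [203.0.113.7] web_user1 () upload/new.php 912
"""

def parse_transfers(text):
    """Return one dict per transfer line; lines in other layouts are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            rec["length"] = int(rec["length"])
            records.append(rec)
    return records

def anonymous_uploads(records):
    """'recv' means the server received a file; an empty %u means no auth user."""
    return [r for r in records if r["op"] == "recv" and not r["user"]]

if __name__ == "__main__":
    for r in anonymous_uploads(parse_transfers(SAMPLE_LOG)):
        print(r["time"], r["addr"], r["module"], r["file"], r["length"])
```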
timeout
This option overrides the IO timeout value specified by the client. It ensures that the rsync server never waits forever for a crashed client. The timeout is measured in seconds. 0 means that no timeout is defined, which is also the default value. A good value for anonymous rsync servers is 600.
refuse options
This option defines a list of command-line options that clients may not use with this module. The full name of the option must be used. When an option is refused, the server reports an error message and then exits. To prevent compression, use "dont compress = *".
dont compress
Specifies the files that are not compressed before being transmitted. The default value is *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz.
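As an added example (not part of the original article or of rsync itself), the Python code below parses a configuration using the line rules described at the top of the article and reports module settings that the parameter descriptions mark as security-relevant: anonymous access, uploads enabled, chroot disabled, and no hosts allow. The sample configuration and the finding texts are constructed for illustration.

```python
SAMPLE_CONF = """\
# constructed sample, not taken from the article
hosts allow = 192.168.0.0/24
secrets file = /etc/rsyncd.secrets

[www]
path = /www/
auth users = backup
read only = yes

[web_user1]
path = /home/web_user1/
read only = no
use chroot = false
hosts allow = 192.168.0.0/24 \\
    backup.linuxaid.com.cn
"""

TRUE = {"true", "yes"}

def parse(text):
    """Return (globals, {module: params}); joins lines ending in a backslash."""
    globals_, modules, current = {}, {}, None
    logical = text.replace("\\\n", " ").splitlines()
    for line in (l.strip() for l in logical):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            (globals_ if current is None else current)[name.lower()] = " ".join(value.split())
    return globals_, modules

def audit(text):
    """List (module, finding) pairs; global values act as module defaults."""
    globals_, modules = parse(text)
    findings = []
    for mod, params in modules.items():
        eff = {**globals_, **params}
        if not eff.get("auth users"):
            findings.append((mod, "anonymous access: no auth users"))
        if eff.get("read only", "true").lower() not in TRUE:
            findings.append((mod, "uploads allowed: read only is off"))
        if eff.get("use chroot", "true").lower() not in TRUE:
            findings.append((mod, "use chroot disabled"))
        if not eff.get("hosts allow"):
            findings.append((mod, "no hosts allow: any host may connect"))
    return findings
```

Calling audit(SAMPLE_CONF) returns three findings, all for the web_user1 module; the www module inherits hosts allow from the global section and produces none.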