This article by show according to Lin Feng to provide friendship sponsorship, starting in the mud row world.
For an rsync server, the most important and most complex part is its configuration. The rsync server configuration file is /etc/rsyncd.conf, which controls authentication, access, logging, and so on.
Note: Unlike MySQL, Nginx, or Apache, installing rsync does not give you a configuration file template.
The file has to be created by hand, but a template for it is given on the rsync website, as follows:
http://rsync.samba.org/ftp/rsync/rsyncd.conf.html
The file is made up of one or more module structures. A module definition starts with the module name in square brackets until the next module definition starts or the file ends.
A module contains parameter definitions in the form name = value. Each module corresponds to a directory tree that needs to be backed up. For example, if our environment has three trees to back up, /www/, /home/web_user1/, and /home/web_user2/, then three modules need to be defined in the configuration file, one for each directory tree.
The configuration file is line-based: each new line is a new comment, module definition, or parameter assignment. A line starting with # is a comment, and a line ending with "\" is continued on the following line. The value after the equals sign in a parameter assignment may be a case-insensitive string or a Boolean value expressed as true/false or yes/no.
Global parameters
All parameters before the first [module] header in the file are global parameters. You can also set module parameters in the global section, in which case the value becomes the default for all modules.
MOTD file
The "motd file" parameter specifies a message file whose contents are displayed to the client when it connects to the server. By default there is no MOTD file. This file has no effect on the normal use of rsync.
Log file
"log file" specifies a file for rsync to write its log to, instead of sending the log to syslog.
PID file
Specifies the PID file for rsync.
Syslog facility
Specifies the syslog facility used when rsync sends log messages to syslog. Common values are: auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news, security, syslog, user, uucp, local0, local1, local2, local3, local4, local5, local6 and local7. The default value is daemon.
Module parameters
After the global parameters, you need to define one or more modules. The following parameters can be set in a module:
Comment
Assigns a description to the module. It is displayed together with the module name when a client requests the module list. By default there is no description.
Path
Specifies the path of the directory tree that the module backs up. This parameter must be specified.
Use chroot
If use chroot is true, rsync first chroots to the directory specified by the path parameter before transferring files. This provides additional security, but the disadvantages are that root privileges are required and that symbolic links pointing outside the directory tree cannot be backed up. The default value of use chroot is true.
Max connections
Specifies the maximum number of concurrent connections for the module, to protect the server. Connection requests beyond the limit are told to retry later. The default value is 0, which means there is no limit.
Lock file
Specifies the lock file that supports the max connections parameter. The default value is /var/run/rsyncd.lock.
Read only
This option sets whether clients are allowed to upload files. If true, any upload request fails. If false, uploads are allowed as long as the read and write permissions on the server directory permit them. The default value is true.
List
This option sets whether the module is listed when a client requests the list of available modules. Setting it to false creates a hidden module. The default value is true.
Uid
This option specifies the UID that the daemon should run as when transferring files for the module. Together with the gid option, it determines through file permissions what access is available. The default value is "nobody".
Gid
This option specifies the GID that the daemon should run as when transferring files for the module. The default value is "nobody".
Exclude
Specifies a space-separated list of patterns to add to the exclude list. This is equivalent to using --exclude in the client command, except that exclude patterns specified in the configuration file are not passed to the client and are applied only on the server. A module can specify only one exclude option, but you can put "-" or "+" in front of a pattern to mark it as exclude or include.
Note, however, that this option has a security limitation: a client may be able to bypass the exclude list. If you want to ensure that a particular file cannot be accessed, it is best to combine this option with the uid/gid options.
Exclude from
Specifies the name of a file containing exclude pattern definitions, from which the server reads the exclude list.
Include
Specifies a space-separated list of patterns that rsync should include rather than exclude. This is equivalent to using --include in the client command. Combine include and exclude to define complex exclude/include rules. A module can specify only one include option, but you can put "-" or "+" in front of a pattern to mark it as exclude or include.
Include from
Specifies the name of a file containing include pattern definitions, from which the server reads the include list.
Auth users
This option specifies a list of user names, separated by spaces or commas. Only these users are allowed to connect to the module. They are unrelated to system users. If "auth users" is set, a client's connection request to the module is challenged by rsync, which uses a challenge/response authentication protocol. The user names and passwords are stored in plaintext in the file specified by the "secrets file" option. By default, no password is required to connect to the module (that is, anonymous mode).
Secrets file
This option specifies a file containing username:password pairs. The file is only used if "auth users" is defined. Each line of the file contains one username:passwd pair. In general, passwords are best kept to no more than 8 characters. There is no default secrets file name, so you need to specify one. (Example: /etc/rsyncd.secrets)
Strict modes
This option specifies whether the permissions of the password file are checked. If the value is true, the password file may only be accessible to the user running the rsync server, and no other user may access the file. The default value is true.
Hosts allow
This option specifies which client IP addresses are allowed to connect to the module. A client pattern can take the following forms:
xxx.xxx.xxx.xxx, the client host is allowed only if its IP matches exactly. Example: 192.167.0.1
a.b.c.d/n, clients that belong to the network (given as address and prefix length) are allowed to connect to the module. Example: 192.168.0.0/24
a.b.c.d/e.f.g.h, clients that belong to the network (given as address and netmask) are allowed to connect to the module. Example: 192.168.0.0/255.255.255.0
A host name, the client host is allowed only if it has that hostname. Example: backup.linuxaid.com.cn
*.linuxaid.com.cn, all hosts that belong to the domain are allowed.
The default is to allow all hosts to connect.
Hosts deny
Specifies the machines that are not allowed to connect to the rsync server, using the same pattern forms as hosts allow. By default there is no hosts deny definition.
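The defaults described above (anonymous access, all hosts allowed, global values inherited by every module) are easy to miss when reading a long rsyncd.conf. The following is an added example, not part of the original article or of rsync itself: a small parser for the file format described on this page, plus a check that reports modules left on those permissive settings. The sample configuration, its user names and the finding texts are constructed for illustration.

```python
import re

# Defaults as stated on this page; globals override them, module values override both.
DEFAULTS = {"read only": "true", "use chroot": "true"}
TRUE = {"true", "yes"}

def parse_rsyncd_conf(text):
    """Return {module: {param: value}} with global values applied as defaults."""
    text = re.sub(r"\\\r?\n", "", text)      # a trailing backslash continues the line
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                             # [module] starts a new module
            current = modules.setdefault(header.group(1).strip(), {})
            continue
        name, sep, value = line.partition("=")  # split on the first "=" only
        if sep:
            target = globals_ if current is None else current
            target[" ".join(name.lower().split())] = value.strip()
    return {m: {**DEFAULTS, **globals_, **p} for m, p in modules.items()}

def audit(modules):
    """Return {module: [findings]} for settings that widen access."""
    report = {}
    for mod, p in modules.items():
        checks = [
            (not p.get("auth users"), "anonymous access: no auth users"),
            (not p.get("hosts allow"), "any host may connect: no hosts allow"),
            (p["read only"].lower() not in TRUE, "uploads allowed: read only is off"),
            (p["use chroot"].lower() not in TRUE, "use chroot is off"),
        ]
        report[mod] = [msg for hit, msg in checks if hit]
    return report

# Constructed sample; module names, users and addresses are illustrative only.
SAMPLE = """hosts allow = 192.168.0.0/24
[www]
path = /www/
[web_user1]
path = /home/web_user1/
read only = no
auth users = backup1, \\
    backup2
"""

if __name__ == "__main__":
    for mod, found in audit(parse_rsyncd_conf(SAMPLE)).items():
        print(mod, found or "ok")
```
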
Ignore errors
Specifies that rsyncd ignores IO errors on the server when deciding whether to run the transfer. Normally, rsync skips the --delete operation when an IO error occurs, to prevent serious problems caused by temporary resource shortages or other IO errors.
Ignore nonreadable
Specifies that the rsync server completely ignores files that the user does not have access to. This is useful when some files in a directory that needs to be backed up should not be available to the person doing the backup.
Transfer logging
Makes the rsync server record download and upload operations in its own separate log, using an FTP-style format.
Log format
With this option, users can customize the fields written to the log file when transfer logging is used. The format is a string containing format definitions. The following definitions are available:
%h Remote host name
%a Remote IP address
%l File length in characters
%p The process ID of the rsync session
%o Operation type: "send" or "recv"
%f File name
%P Module path
%m Module name
%t Current time
%u Authenticated user name (null when anonymous)
%b Number of bytes actually transferred
%c When a file is sent, this field records the checksum of the file
The default log format is "%o %h [%a] %m (%u) %f %l"; in general, "%t [%p] " is added to the head of each line. A Perl script called rsyncstats is also distributed with the source code to summarize log files in this format.
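The default format above is regular enough to parse for monitoring. The following is an added example, not part of the original article or of rsync: it parses lines in the default format with the "%t [%p] " prefix and picks out uploads made without an authenticated user. It assumes the operation is recorded from the server's side (so "recv" is a client upload) and a YYYY/MM/DD HH:MM:SS timestamp. The log lines are constructed.

```python
import re

# Default transfer-log line: "%t [%p] " prefix, then "%o %h [%a] %m (%u) %f %l".
LINE = re.compile(
    r"^(?P<time>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<pid>\d+)\] "
    r"(?P<op>send|recv) (?P<host>\S+) \[(?P<ip>[^\]]+)\] "
    r"(?P<module>\S+) \((?P<user>[^)]*)\) (?P<file>.+) (?P<length>\d+)$"
)

def parse_line(line):
    """Return the fields of one transfer line as a dict, or None for other lines."""
    m = LINE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"], rec["length"] = int(rec["pid"]), int(rec["length"])
    return rec

def anonymous_uploads(lines):
    """Yield records where a client with no authenticated user wrote to a module."""
    for line in lines:
        rec = parse_line(line)
        # %u is empty when the connection was anonymous.
        if rec and rec["op"] == "recv" and rec["user"] == "":
            yield rec

# Constructed log lines (hosts, addresses and file names are made up).
SAMPLE_LOG = [
    "2024/01/05 10:00:01 [4121] send backup.example.com [192.0.2.10] www (backup1) index.html 5120",
    "2024/01/05 10:00:07 [4130] recv UNKNOWN [198.51.100.7] www () upload/new file.php 912",
    "2024/01/05 10:00:09 [4130] rsync on www/ from UNKNOWN (198.51.100.7)",
]

if __name__ == "__main__":
    for rec in anonymous_uploads(SAMPLE_LOG):
        print(rec["time"], rec["ip"], rec["module"], rec["file"], rec["length"])
```

A non-empty result on a module meant to be read only or authenticated points back to the "read only" and "auth users" settings for that module.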
Timeout
This option allows you to override the IO timeout specified by the client. It ensures that the rsync server does not wait forever for a crashed client. The timeout unit is seconds, and 0 means there is no timeout, which is also the default value. An ideal number for an anonymous rsync server is 600.
Refuse options
This option defines a list of command options that clients are not allowed to use on the module. The full name of the option must be used here, not the abbreviation. When an option is refused, the server reports an error message and then exits. If you want to prevent the use of compression, use: "dont compress = *".
Dont compress
Specifies files that are transferred without being compressed. The default value is *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz.
Slime: rsync configuration file detailed