You can do this by restricting the ssh key to rrsync (comes with rsync
in the contrib dir). It has a read only and a write only mode. If the
path you give it is / then it is pretty much transparent unless one of
those options is also used.
Otherwise, you can use the rsyncd over ssh setup which is kinda ugly and
would require the same forcing method to not just be optional.
On 4/8/26 12:18, RolandK via rsync wrote:
Hello,
we are using rsync mostly exclusively for packup purpose in "pull
mode" , run via script from a central backup server.
for that, we typically have allowed remote root login via ssh key.
rsync from the backup server pulls data from all hosts to be backed up
via ssh/rsync remote pipe.
it's running great for years in conjunction with zfs + inplace +
rotating snapshots.
besides the fact that we can use ssh security features to restrict what
commands can be run from remote - i am curious:
wouldn't it be an interesting idea to have some feature/switch in rsync,
which can globally (on a per host basis) turn rsync into "read-only" mode,
i.e. which makes rsync binary drop any capability of using write/modify/
delete syscalls ? maybe via some hard-coded /etc/rsync.conf , checked
on startup ?
does this sound reasonable and wold someone find this useful , too ?
regards
roland
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
