thanks,
i have to admit i have underestimated rrsync. looks like a powerful
tool, and testing looks quite promsing.
it seems i need to do only minimal changes to our backup solution.
unfortunately, rrsync is not available on some platforms like macos, not
even homebrew rsync 3.4.1 does bundle it (yet).
regards
Roland
Am 08.04.26 um 18:22 schrieb Kevin Korb via rsync:
You can do this by restricting the ssh key to rrsync (comes with rsync
in the contrib dir). It has a read only and a write only mode. If the
path you give it is / then it is pretty much transparent unless one of
those options is also used.
Otherwise, you can use the rsyncd over ssh setup which is kinda ugly
and would require the same forcing method to not just be optional.
On 4/8/26 12:18, RolandK via rsync wrote:
Hello,
we are using rsync mostly exclusively for packup purpose in "pull
mode" , run via script from a central backup server.
for that, we typically have allowed remote root login via ssh key.
rsync from the backup server pulls data from all hosts to be backed
up via ssh/rsync remote pipe.
it's running great for years in conjunction with zfs + inplace +
rotating snapshots.
besides the fact that we can use ssh security features to restrict
what commands can be run from remote - i am curious:
wouldn't it be an interesting idea to have some feature/switch in
rsync, which can globally (on a per host basis) turn rsync
into "read-only" mode,
i.e. which makes rsync binary drop any capability of using
write/modify/ delete syscalls ? maybe via some hard-coded
/etc/rsync.conf , checked on startup ?
does this sound reasonable and wold someone find this useful , too ?
regards
roland
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
