Hi,

I added a few things to allow the rsync daemon more refined
authorization and authentication than the current implementation.
The attached patch file is against the 3.0.6 version.

Additions:
1. allow the uid and gid used to access a certain module to be
determined by the authenticated user -
    uid = __auth__ will use the auth_user's uid
    gid = __auth__ will use the auth user's main group's gid

2. seteuid and not just setuid

3. added "rw users" to allow read/write access to a module, "ro users"
to allow read only access to a module and "deny users".
    "read only" on the module overrides the user's authorization.

4. added support for groups - with a '@' prefix. For instance: "auth
users = tridge, susan, @rsync_users"

Authorization logic:
1. If the ACL contains a user-specific rule that matches the user,
then the user is granted rights according to this rule (including
denying access if the permission is none).
2. If the ACL contains a group-rule that denies access of a group the
user belongs to (permission=none), then access is denied.
3. If the ACL contains a group-rule that grants read/write access to a
group the user belongs to, then the user gets read/write access
4. If the ACL contains a group-rule that grants read-only access to a
group the user belongs to, then the user gets read-only access
5. The user is authorized access (for backward compatibility with
older rsync versions)

Please consider committing this patch for future releases of rsync.

Thanks,
Amir

Attachment: rsync_auth.patch
Description: Binary data
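
The five-step authorization order described in the message, written out as an added C example. It is not code from rsync_auth.patch or from rsync; the type and function names, the `PERM_DEFAULT` value standing for step 5, and the sample ACL are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; PERM_DEFAULT is the step-5 fall-through. */
enum perm { PERM_NONE, PERM_RO, PERM_RW, PERM_DEFAULT };
struct rule { const char *name; enum perm perm; }; /* '@' prefix = group */

/* Constructed sample ACL; group rules deliberately precede user rules. */
static const struct rule sample_acl[] = {
    { "@banned", PERM_NONE }, { "@rsync_users", PERM_RO },
    { "@admins", PERM_RW },   { "tridge", PERM_RW }, { "susan", PERM_NONE },
};
#define SAMPLE_N (sizeof sample_acl / sizeof sample_acl[0])

static int is_member(const char *group, const char **groups, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(group, groups[i]) == 0)
            return 1;
    return 0;
}

enum perm resolve(const struct rule *acl, size_t nrules, const char *user,
                  const char **groups, size_t ngroups)
{
    int seen[4] = { 0, 0, 0, 0 }; /* indexed by enum perm */

    for (size_t i = 0; i < nrules; i++) {
        if (acl[i].name[0] != '@') {
            /* Step 1: a user-specific rule wins wherever it appears. */
            if (strcmp(acl[i].name, user) == 0)
                return acl[i].perm;
        } else if (is_member(acl[i].name + 1, groups, ngroups)) {
            seen[acl[i].perm] = 1; /* remember group matches for steps 2-4 */
        }
    }
    if (seen[PERM_NONE]) return PERM_NONE; /* step 2: any group deny */
    if (seen[PERM_RW])   return PERM_RW;   /* step 3: group read/write */
    if (seen[PERM_RO])   return PERM_RO;   /* step 4: group read-only */
    return PERM_DEFAULT;                   /* step 5: backward compatibility */
}

int main(void)
{
    const char *groups[] = { "rsync_users", "banned" };
    printf("%d\n", resolve(sample_acl, SAMPLE_N, "bob", groups, 2));
    return 0;
}
```

Step 5 means a user matched by no rule is still let in, so a deployment that wants default-deny has to list an explicit deny rule for everyone it does not intend to admit.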
