A slightly better patch file (removed some warnings).
On Wed, Aug 26, 2009 at 5:52 PM, Amir Rapson<amir.rap...@gmail.com> wrote: > Hi, > > I added a few things to allow the rsync daemon more refined > authorization and authentication than the current implementation. > The attached patch file is against the 3.0.6 version. > > Additions: > 1. allow the uid and gid used to access a certain module to be > determined by the authenticated user - > uid = __auth__ will use the auth_user's uid > gid = __auth__ will use the auth user's main group's gid > > 2. seteuid and not just setuid > > 3. added "rw users" to allow read/write access to a module, "ro users" > to allow read only access to a module and "deny users". > "read only" on the module overrides the user's authorization. > > 4. added support for groups - with a '@' prefix. For instance: "auth > users = tridge, susan, @rsync_users" > > Authorization logic: > 1. If the ACL contains a user-specific rule that matches the user, > then the user is granted rights according to this rule (including > denying access if the permission is none). > 2. If the ACL contains a group-rule that denies access of a group the > user belongs to (permission=none), then access is denied. > 3. If the ACL contains a group-rule that grants read/write access to a > group the user belongs to, then the user gets read/write access > 4. If the ACL contains a group-rule that grants read-only access to a > group the user belongs to, then the user gets read-only access > 5. The user is authorized access (for backward compatibility with > older rsync versions) > > Please consider commiting this patch for future releases of rsync. > > Thanks, > Amir >
rsync_auth.patch
Description: Binary data
-- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html