https://bugzilla.samba.org/show_bug.cgi?id=12817
Bug ID: 12817
Summary: [PATCH] Allow daemon itself to chroot
Product: rsync
Version: 3.1.2
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: core
Assignee: way...@samba.org
Reporter: ben.rub...@gmail.com
QA Contact: rsync...@samba.org

Created attachment 13248
  --> https://bugzilla.samba.org/attachment.cgi?id=13248&action=edit
rsync_daemon_chroot

Hello,

Here is a patch which adds 3 new parameters to rsyncd.conf:

    daemon chroot
    daemon gid
    daemon uid

The first one is a path to a directory the daemon itself will chroot to before beginning communication with clients.
The 2 others are the uid/gid the daemon itself will switch to before beginning communication with clients.

These parameters can improve security.
For example, using daemon via a restricted remote-shell connection, for security reasons, if we want whole rsync to be chrooted, we can now use:

    daemon chroot = /home/%SUDO_USER%/rsync/
    daemon uid = %SUDO_UID%
    daemon gid = %SUDO_GID%

With of course rsync being sudo-called by the restricted shell (to configure properly).
We could already do this without this patch, using the "use chroot" parameter, but then the daemon itself is not chrooted and remains run by root.

Thank you!

Ben
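
The order of operations a daemon needs for the three parameters described in the report above (chroot first, then groups and gid, then uid, all before talking to clients), as an added C example that is not the attached patch or rsync's own code. The function name confine_daemon and its refusal of uid/gid 0 and relative paths are assumptions of this example.

```c
/* Added example, not rsync code: confine a daemon before it serves clients. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Returns 0 on success, -1 with errno set on failure.
 * Order matters: chroot() needs root, so it comes first; the group list and
 * gid must change while still root; setuid() is last and irreversible. */
int confine_daemon(const char *root, uid_t uid, gid_t gid)
{
    /* Assumption of this example: refuse settings that would leave the
     * daemon privileged or make the new root depend on the current dir. */
    if (root == NULL || root[0] != '/' || uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* chdir("/") ensures no working directory remains outside the new root. */
    if (chroot(root) != 0 || chdir("/") != 0)
        return -1;
    /* Replace root's supplementary groups, then gid, then uid. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop: regaining root must now fail. */
    if (setuid(0) == 0 || setgid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s /abs/root uid gid\n", argv[0]);
        return 2;
    }
    if (confine_daemon(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) != 0) {
        perror("confine_daemon");
        return 1;
    }
    printf("confined: uid=%d gid=%d cwd=/\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Any file the daemon needs after this call (configuration, logs, name-service lookups) has to be opened beforehand or exist inside the new root.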