Authprogs <https://github.com/daethnir/authprogs/> is a general purpose SSH command authenticator; it allows you to restrict what commands are allowed for a given SSH key. It's installable via pip and is in recent Debian and Ubuntu.
I recently added initial rsync support to authprogs. My goal is to make it an improvement over rrsync, providing more than just upload vs download and directory support.

I'd be very interested in feedback from two communities:

* end users/admins who would be interested in the functionality, and
* developers to help sanity check the implementation

While authprogs has been around for many years, this is the first version that supports rsync natively.

Here's an example config:

    from:
      - 10.1.0.0/16
      - 192.168.0.15
    allow:
      # Allow rsync to recursively sync /tmp/foo/ to the server
      # including all the bits you get with '-a', but do not
      # allow downloads
      - rule_type: rsync
        allow_upload: true
        allow_recursion: true
        allow_archive: true
        paths:
          - /tmp/foo

      # Allow upload to some specific /srv/htdocs files and
      # any files/directories under /data/lhc/
      #
      # Allow setting times, owner, and group, but no other options
      - rule_type: rsync
        allow_upload: true
        allow_owner: true
        allow_group: true
        allow_times: true
        paths:
          - /srv/htdocs/index.html
          - /srv/htdocs/status.html
        path_startswith:
          - /data/lhc/

I've just started scratching the surface of the server-side options of rsync, but have implemented all the most common ones (-a, -logptrD, --del, --delete-*, -vvvv, etc).

The rsync docs are at https://github.com/daethnir/authprogs/blob/main/doc/authprogs.md#rsync-subrules

Feedback heartily requested.

--
Bri Hatch, Systems and Security Engineer. http://www.ifokr.org/bri/
The sooner you fall behind, the more time you'll have to catch up.
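
Added example (not part of the original post and not authprogs' own code): a simplified sketch of how a forced command could check the server-side rsync command line against the two rules in the config above. It assumes the command has the shape `rsync --server [--sender] -flags . path`, that allow_archive covers the flags -a expands to (rlptgoD), and that every long option other than --sender is rejected; all function names are hypothetical.

```python
import posixpath
import shlex

ARCHIVE_FLAGS = set("rlptgoD")      # short flags that rsync's -a expands to
FLAG_TO_KEY = {"r": "allow_recursion", "o": "allow_owner",
               "g": "allow_group", "t": "allow_times"}

def path_allowed(path, rule):
    """Normalize first so '..' segments cannot escape an allowed prefix."""
    norm = posixpath.normpath(path)   # lexical only; symlinks are not resolved
    if norm in {posixpath.normpath(p) for p in rule.get("paths", [])}:
        return True
    # Trailing "/" lets a directory match its own "/dir/" prefix entry.
    return any((norm + "/").startswith(prefix)
               for prefix in rule.get("path_startswith", []))

def check_rsync(command, rule):
    """Return (allowed, reason) for one server-side rsync command line."""
    argv = shlex.split(command)
    if argv[:2] != ["rsync", "--server"] or "." not in argv:
        return False, "not an rsync server command"
    dot = argv.index(".")             # "." separates options from paths
    opts, paths = argv[2:dot], argv[dot + 1:]
    if "--sender" in opts:            # server would send files: a download
        return False, "download not allowed"
    if not rule.get("allow_upload"):
        return False, "upload not allowed"
    allowed = set(ARCHIVE_FLAGS) if rule.get("allow_archive") else set()
    allowed |= {f for f, key in FLAG_TO_KEY.items() if rule.get(key)}
    for opt in opts:
        if opt.startswith("--") or not opt.startswith("-"):
            return False, "option not allowed: " + opt
        flags = opt[1:].split("e", 1)[0]   # text after 'e' is protocol info
        denied = set(flags) - allowed
        if denied:
            return False, "flags not allowed: " + "".join(sorted(denied))
    if not paths or not all(path_allowed(p, rule) for p in paths):
        return False, "path not allowed"
    return True, "ok"

# The two rsync rules from the config in the post, as Python dicts.
RULES = [
    {"allow_upload": True, "allow_recursion": True, "allow_archive": True,
     "paths": ["/tmp/foo"]},
    {"allow_upload": True, "allow_owner": True, "allow_group": True,
     "allow_times": True,
     "paths": ["/srv/htdocs/index.html", "/srv/htdocs/status.html"],
     "path_startswith": ["/data/lhc/"]},
]

def authorize(command):
    """Allow the command if any rule accepts it (constructed helper)."""
    return any(check_rsync(command, rule)[0] for rule in RULES)
```
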