Date: Wed, 6 Jun 2001 16:35:57 +0200 (CEST)
From: Alexander Leidinger
Subject: Re: rsync for mirroring
To: jim@siteplus.net
Cc: erichz@superhero.org, freebsd-isp@FreeBSD.ORG
Message-Id: <200106061435.f56EZw018621@Magelan.Leidinger.net>

On 6 Jun, Jim Weeks wrote:

> I found this article very helpful http://www.freebsddiary.org/rsync.php
>
> You should be able to run the daemon fairly securely as (uid root) and (gid
> wheel) as long as you follow the directions in the security section. You
> should also set (list=false) in order to protect the names of your
> modules.
>
> I should think that with the anonymity of your rsync user-name (which by
> the way does not have to coincide with any system user-name), hidden
> password and hidden module names combined with ssh encryption, you should
> be fairly secure.

I haven't read the article, but if I read the above paragraph: No! Don't
rely on security by obscurity!

If you run ssh as root: just do ssh port forwarding and only allow
connections to the rsync daemon from localhost. Now just connect the
rsync client to the ssh tunnel.

But: do this only if you trust the users on the system where the rsync
daemon runs.

Bye,
Alexander.

--
...and that is how we know the Earth to be banana-shaped.

http://www.Leidinger.net                       Alexander @ Leidinger.net
  GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7
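
The setup described in this message, as an added example that is not part of the original post: an rsyncd.conf bound to loopback, a check that fails when the daemon would listen on other interfaces, and the client commands for the tunnel. The host name mirror.example.org, module name mirror, user mirroruser, the paths and the local port 8873 are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Names, paths and port 8873 are assumed.

# Write a constructed rsyncd.conf that listens on, and accepts from, loopback only.
write_loopback_conf() {
    cat > "$1" <<'EOF'
# constructed sample rsyncd.conf
address = 127.0.0.1
port = 873

[mirror]
    path = /usr/local/mirror
    read only = yes
    hosts allow = 127.0.0.1
    auth users = mirroruser
    secrets file = /usr/local/etc/rsyncd.secrets
EOF
}

# Return 0 only if the global section binds the daemon to a loopback address.
# A missing "address" line means rsync listens on all interfaces, so that fails.
binds_loopback_only() {
    addr=$(awk -F= '
        /^[ \t]*\[/   { exit }   # first module header: globals are over
        /^[ \t]*[#;]/ { next }   # skip comment lines
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "address" { val = $2; gsub(/[ \t]/, "", val); print val; exit }
    ' "$1")
    case "$addr" in
        127.0.0.1|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Client side: forward a local port to the daemon through ssh, then point
# rsync at the local end of the tunnel. Arguments: host, module, [local port].
print_client_commands() {
    host=$1; module=$2; lport=${3:-8873}
    echo "ssh -N -L ${lport}:127.0.0.1:873 ${host}"
    echo "rsync -av rsync://localhost:${lport}/${module}/ ./${module}/"
}

print_client_commands mirror.example.org mirror
```

Any local account on the daemon host can still reach 127.0.0.1:873 directly, which is why the sample keeps `auth users` and why the caveat about trusting local users applies.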