[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rssh security update breaks rsync via Synology's "hyper backup"

Roman Medina-Heigl Hernandez <roman@rs-labs.com> writes:

> Well, in my case I had the following setting in rsyncd.conf:

> path = /backup/synology

> where path points to a different directory which is NOT $home nor
> doesn't permit to reach $home.

> So you cannot overwrite /home/synology/rsyncd.conf.

Can the client just do:

    rsync rsyncd.conf <your-host>:./

first?

I think to make this safe the home directory has to not be owned by the
rssh user and not be writable by it.  That might be safe as long as the
current working directory of rsync is always the home directory.

(In your particular case, as mentioned in the previous message, I'm pretty
sure command="rsync --server -daemon ." in the authorized_keys file does
what you want since you don't need to allow other arbitrary rsync
commands.)

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: