GNU Rush – a restricted user shell

6.2 rsync

On the server side, rsync is executed with the --server command line option. In addition, when copying files from the server, the --sender option is used. This makes it possible to distinguish incoming requests from outgoing ones.

In our setup, rsync is used the same way as scp, so the two rules will be:

rule rsync-incoming
  command ^rsync --server
  command ! --sender
  match[$] /incoming/
  match[$] ! \.\./
  transform[0] s|^|/usr/bin/|
  transform[$] s|^|/home/ftp/|

rule rsync-home
  command ^rsync
  match[$] ! ^[^/]
  match[$] ! \.\./
  transform[0] s|^|/usr/bin/|
  transform[$] s|^|public_html/|
  chdir ~

The trap rules for rsync are trivial:

rule rsync-to-trap
  command ^rsync
  command --sender
  exit Error: Downloads from this directory prohibited

rule rsync-from-trap
  command ^rsync
  exit Error: Uploads to this directory prohibited
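
To see how the four rules above sort requests, the following added example (not part of the Rush manual or of Rush itself) models them in Python and runs constructed rsync command lines through them. It assumes that the first matching rule wins, uses Python's re as a stand-in for POSIX regular expressions, and the names RULES, holds, evaluate and SAMPLES are hypothetical.

```python
import re
import shlex

# Simplified model of the four rules above (assumption: not Rush's own code).
# A test is (regex, negated); a rule applies only if every test holds.
# Python's re stands in for the POSIX extended regexes Rush uses.
RULES = [
    ("rsync-incoming",
     [(r"^rsync --server", False), (r"--sender", True)],   # command tests
     [(r"/incoming/", False), (r"\.\./", True)],           # match[$] tests
     ("run", "/usr/bin/", "/home/ftp/")),                  # transform[0], transform[$]
    ("rsync-home",
     [(r"^rsync", False)],
     [(r"^[^/]", True), (r"\.\./", True)],
     ("run", "/usr/bin/", "public_html/")),
    ("rsync-to-trap",
     [(r"^rsync", False), (r"--sender", False)], [],
     ("exit", "Error: Downloads from this directory prohibited")),
    ("rsync-from-trap",
     [(r"^rsync", False)], [],
     ("exit", "Error: Uploads to this directory prohibited")),
]

def holds(tests, text):
    """True when each regex matches (or, if negated, does not match) text."""
    return all(bool(re.search(rx, text)) != negated for rx, negated in tests)

def evaluate(cmdline):
    """Return (rule name, resulting command line or exit message)."""
    argv = shlex.split(cmdline)
    for name, cmd_tests, arg_tests, action in RULES:
        if holds(cmd_tests, cmdline) and holds(arg_tests, argv[-1]):
            if action[0] == "exit":
                return name, action[1]
            argv[0] = action[1] + argv[0]      # s|^|/usr/bin/|
            argv[-1] = action[2] + argv[-1]    # s|^|<prefix>|
            return name, " ".join(argv)
    return None, None  # no rule matched

# Constructed sample requests, as the SSH server would pass them to the shell.
SAMPLES = [
    "rsync --server -logDtpr . /incoming/pkg.tar.gz",
    "rsync --server --sender -logDtpr . /site/index.html",
    "rsync --server -logDtpr . /incoming/../etc/",
    "rsync --server --sender -logDtpr . ../secret",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", evaluate(line))
```

The last two samples show the ../ checks at work: neither working rule accepts them, so they fall through to the trap rules and are refused with the corresponding error message.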