From 27b29d20e68028ef8da8854c43c566187ef7aaea Mon Sep 17 00:00:00 2001 From: Mario Alegre Date: Sat, 12 Dec 2020 23:30:04 -0500 Subject: [PATCH] minor updates --- linux/system/rrsync.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/linux/system/rrsync.md b/linux/system/rrsync.md index 4d4f38b..af7cd4f 100644 --- a/linux/system/rrsync.md +++ b/linux/system/rrsync.md @@ -2,19 +2,19 @@ ## setup -copy rrsync script to `/usr/local/bin`: +copy the rrsync script to `/usr/local/bin`: ``` sudo cp /usr/share/rsync/scripts/rrsync /usr/local/bin/ sudo chmod +x /usr/local/bin/rrysnc ``` -There is an option in the SSHD configuration file for allowing root logins only with the command parameter set. This allows a client to login to the server as root if they have a key in root's authorized_keys, but only if that key has the "`command`" parameter set. +There is an option in the SSHD configuration file for allowing root logins only with the command parameter set. This allows a client to login to the server as root if they have a key in root's `authorized_keys`, but only if that key has the '`command`' directive set. -To activate this option, set the following option in `/etc/ssh/sshd_config`: +To activate this option, add the following option to `/etc/ssh/sshd_config`: ``` PermitRootLogin forced-commands-only ``` -And don't forget to reload SSH daemon: +And don't forget to reload the SSH daemon: ``` sudo systemctl reload sshd ``` 
@@ -27,14 +27,14 @@ rrsync [-ro|-wo] SUBDIR ``` rrsync can be restricted to read-only mode by the `-ro` flag, or write-only mode by the `-wo` flag. The subdir argument sets the directory that rrsync is restricted to. Rrsync will not be allowed to read or write from anywhere other than that directory. -To add a command directive to an authorized key, simply include the directive '`command="my_command"`' in front of the rest of the key on that line in the authorized_keys file. For example, so add a key that is restricted to only being able to run rrsync in read-only mode on the directory `/foo`, you would add the following command directive in front of the key: +To add a command directive to an authorized key, simply include the directive '`command="my_command"`' in front of the rest of the key on that line in the `authorized_keys` file. For example, to add a key that is restricted to only being able to run rrsync in read-only mode on the directory `/foo`, you would add the following command directive in front of the key: ``` command="rrsync -ro /foo" ``` When a remote client attempts to use this key to run a command on the host, the `command` directive causes SSHD to ignore any commands sent by the client, and execute the actions specified in the `command` directive instead. Rrsync will then be able to parse your attempted rsync command, and execute it if it determines that it is an allowed action. -Note that any remote directories in the client's rsync command must be specified *relative to the subdirectory* specified in the `command` directive. For example, if a client wants to pull the contents of the directory `/foo/bar` on the server to the same directory on the client using the key from the example above, they would run the command: +Note that any remote directories in the client's rsync command must be specified *relative to the subdirectory* given in the `command` directive. 
For example, if a client wanted to pull the contents of the directory `/foo/bar` on the server to the same directory on the client using the key from the example above, they would run the command: ``` rsync -av server:bar/ /foo/bar/ ```
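Review bot: In the first hunk (setup section), the unchanged context line `sudo chmod +x /usr/local/bin/rrysnc` misspells the file name, so the chmod targets a path that the preceding `cp` never created and the installed script may be left non-executable. Since this patch already edits the surrounding lines, correct it to `/usr/local/bin/rrsync` here. Separately, the new wording "add the following option to `/etc/ssh/sshd_config`" is weaker than the old "set": sshd uses the first value it reads for a keyword, so a `PermitRootLogin forced-commands-only` line added below an existing `PermitRootLogin` entry has no effect. Suggest saying to set or replace the existing `PermitRootLogin` line.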
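Review bot: In the second hunk, the example directive `command="rrsync -ro /foo"` names the script without a path, so it only works if `/usr/local/bin` is on the PATH that sshd gives the forced command. The setup section installs the script to `/usr/local/bin/`, so the example should read `command="/usr/local/bin/rrsync -ro /foo"`. While this paragraph is being reworded, it would also be worth documenting that the key line can carry the `restrict` option alongside `command=`, so the key cannot be used for port forwarding, agent forwarding or a PTY; as written, the page only covers the command restriction.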