rrsync Setup Notes
rrsync is a wrapper script which limits the access of rsync to a sub-hierarchy of the filesystem. this is useful for automated tasks like backups or deploying things. i bet there are plenty other write-ups on this, so i have to add mine.
rrsync is usually included in your distributions rsync package,
/usr/doc/rsync on slackware. i’ll just assume here that it is somewhere in
create an additional ssh-key for rrsync usage
we want a new ssh key for this, which will be limited to executing the rrsync script:
ssh-keygen -f .ssh/id_rsa_deploy
for the best plug&play experience, use an empty passphrase.
copy the keys public part & add options
usually ssh-copy-id can be used for this, but as we want to add options it can be
done manually aswell. the resulting line in
.ssh/authorized_keys should look like
command="rrsync /rsync/base/path",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAA[...]
run run a limited rsync with
rsync -e "ssh -i $HOME/.ssh/id_rsa_deploy" -v -a path/ remote:subdir/
note that the remote rsync sees the filesystem like chrooted, you only have to give it