rrsync Setup Notes
rrsync is a wrapper script which limits the access of rsync to a sub-hierarchy of the filesystem. this is useful for automated tasks like backups or deploying things. i bet there are plenty of other write-ups on this, so i have to add mine.
rrsync is usually included in your distribution's rsync package, /usr/doc/rsync on slackware. i'll just assume here that it is somewhere in $PATH.
create an additional ssh-key for rrsync usage
we want a new ssh key for this, which will be limited to executing the rrsync script:
ssh-keygen -f .ssh/id_rsa_deploy
for the best plug&play experience, use an empty passphrase.
copy the key's public part & add options
usually ssh-copy-id can be used for this, but as we want to add options it can be done manually as well. the resulting line in .ssh/authorized_keys should look like this:
command="rrsync /rsync/base/path",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAA[...]
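to check that every rrsync key in an authorized_keys file really carries these restrictions, a small audit can be run over the file. this is an added example, not part of the original notes or of rrsync itself: audit_rrsync_keys and sample_authorized_keys are hypothetical names, the key material is a constructed placeholder, and the check goes slightly beyond the line above by also accepting OpenSSH's restrict option in place of the five no-* options.

```shell
#!/bin/sh
# audit_rrsync_keys [FILE]: for every key whose forced command is rrsync,
# list which of the restrictions from the notes above it lacks (stdin if no FILE).
# exit status is 1 if any rrsync key is missing a restriction.
audit_rrsync_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        # options field ends at the first blank outside double quotes
        # (assumes no escaped quotes inside option values)
        opts = ""; inq = 0; n = length($0)
        for (i = 1; i <= n; i++) {
            c = substr($0, i, 1)
            if (c == "\"") inq = !inq
            if (!inq && (c == " " || c == "\t")) break
            opts = opts c
        }
        if (!match(tolower(opts), /command="[^"]*"/)) next
        cmd = substr(opts, RSTART + 9, RLENGTH - 10)
        prog = cmd; sub(/ .*/, "", prog)
        if (prog != "rrsync" && prog !~ /\/rrsync$/) next   # only rrsync keys
        args = cmd; sub(/^[^ ]* */, "", args)
        # option names are case-insensitive; drop quoted values before matching
        lo = tolower(opts); gsub(/"[^"]*"/, "", lo); lo = "," lo ","
        restrict = index(lo, ",restrict,")
        k = split("agent-forwarding port-forwarding pty user-rc x11-forwarding", f, " ")
        miss = ""
        for (j = 1; j <= k; j++) {
            # with restrict present, conservatively flag any explicit re-enable
            if (restrict ? index(lo, "," f[j] ",") : !index(lo, ",no-" f[j] ","))
                miss = miss (miss == "" ? "" : ",") "no-" f[j]
        }
        if (miss != "") bad = 1
        printf "line %d: args=%s %s\n", NR, args, (miss == "" ? "ok" : "missing=" miss)
    }
    END { exit bad + 0 }' "${1:--}"
}

# constructed sample input: key material is a placeholder, not a real key
sample_authorized_keys() {
    cat <<'EOF'
# deploy key, restricted as in the notes
command="rrsync /rsync/base/path",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAAplaceholder deploy
command="rrsync /rsync/base/path" ssh-rsa AAAAplaceholder forgot-options
restrict,pty,command="rrsync /rsync/base/path" ssh-rsa AAAAplaceholder restrict-but-pty
ssh-rsa AAAAplaceholder interactive-key
EOF
}

sample_authorized_keys | audit_rrsync_keys || echo "some rrsync keys lack restrictions"
```

keys without a forced rrsync command (like the last sample line) are skipped on purpose; the audit only covers keys meant to be limited to rrsync.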
run a limited rsync with
rsync -e "ssh -i $HOME/.ssh/id_rsa_deploy" -v -a path/ remote:subdir/
note that the remote rsync sees the filesystem as if chrooted, so you only have to give it subdir, not /rsync/base/path/subdir