On Wed, Jul 30, 2008 at 09:46:44AM +0800, mirror-maintainer at mirror.averse.net wrote:
>
> Ironically, I do run rsync --daemon as root for a few reasons:
> - use chroot=true
> - listen on port 873
> - specify per-module uid, gid
>
> Admittedly, I could manually chroot the daemon to the entire mirror
> tree before running it as a regular user, and I could do some port
> forwarding or iptables stuff and run rsyncd on a high port, and use a
> common nobody-like account for all modules...
>
> What do you guys do?

I would also like to run rsync as non-root, although I run it as root now.

I would like to do:

   start rsync standalone
   connect to port 873
   possibly chroot
   run as nobody

Is that possible?

I understand that rsync changes from root to some non-root uid when
it starts transferring, but in the mode where it processes commands
there is a window of opportunity to make it do things.
I would then like to close that window.

best regards
keld