12 Feb 1999


rsyncd.conf - configuration file for rsync server




The rsyncd.conf file is the runtime configuration file for rsync when run with the --daemon option. When run in this way rsync becomes a rsync server listening on TCP port 873. Connections from rsync clients are accepted for either anonymous or authenticated rsync sessions.

The rsyncd.conf file controls authentication, access, logging and available modules.


The file consists of modules and parameters. A module begins with the name of the module in square brackets and continues until the next module begins. Modules contain parameters of the form 'name = value'.

The file is line-based - that is, each newline-terminated line represents either a comment, a module name or a parameter.

Only the first equals sign in a parameter is significant. Whitespace before or after the first equals sign is discarded. Leading, trailing and internal whitespace in module and parameter names is irrelevant. Leading and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value is retained verbatim.

Any line beginning with a hash (#) is ignored, as are lines containing only whitespace.

Any line ending in a \ is "continued" on the next line in the customary UNIX fashion.

The values following the equals sign in parameters are all either a string (no quotes needed) or a boolean, which may be given as yes/no, 0/1 or true/false. Case is not significant in boolean values, but is preserved in string values.


The rsync daemon is launched by specifying the --daemon option to rsync. The daemon must run with root privileges.

You can launch it either via inetd or as a stand-alone daemon. If run as a daemon then just run the command "rsync --daemon" from a suitable startup script.

When run via inetd you should add a line like this to /etc/services:

rsync 873/tcp

and a single line something like this to /etc/inetd.conf:

rsync stream tcp nowait root /usr/bin/rsync rsyncd --daemon

Replace "/usr/bin/rsync" with the path to where you have rsync installed on your system. You will then need to send inetd a HUP signal to tell it to reread its config file.

Note that you should not send the rsync server a HUP signal to force it to reread the /etc/rsyncd.conf. The file is re-read on each client connection.


The first parameters in the file (before a [module] header) are the global parameters.

You may also include any module parameters in the global part of the config file in which case the supplied value will override the default for that parameter.


After the global options you should define a number of modules, each module exports a directory tree as a symbolic name. Modules are exported by specifying a module name in square brackets [module] followed by the options for that module.


The authentication protocol used in rsync is a 128 bit MD4 based challenge response system. Although I believe that no one has ever demonstrated a brute-force break of this sort of system you should realize that this is not a "military strength" authentication system. It should be good enough for most purposes but if you want really top quality security then I recommend that you run rsync over ssh.

Also note that the rsync server protocol does not currently provide any encryption of the data that is transferred over the link. Only authentication is provided. Use ssh as the transport if you want encryption.

Future versions of rsync may support SSL for better authentication and encryption, but that is still being investigated.


A simple rsyncd.conf file that allow anonymous rsync to a ftp area at /home/ftp would be:

        path = /home/ftp
        comment = ftp export area

A more sophisticated example would be:

uid = nobody
gid = nobody
use chroot = no
max connections = 4
syslog facility = local5
pid file = /etc/

        path = /var/ftp/pub
        comment = whole ftp area (approx 6.1 GB)

        path = /var/ftp/pub/samba
        comment = Samba ftp area (approx 300 MB)

        path = /var/ftp/pub/rsync
        comment = rsync ftp area (approx 6 MB)
        path = /public_html/samba
        comment = Samba WWW pages (approx 240 MB)

        path = /data/cvs
        comment = CVS repository (requires authentication)
        auth users = tridge, susan
        secrets file = /etc/rsyncd.secrets

The /etc/rsyncd.secrets file would look something like this:








The rsync server does not send all types of error messages to the client. this means a client may be mystified as to why a transfer failed. The error will have been logged by syslog on the server.

Please report bugs! The rsync bug tracking system is online at


This man page is current for version 2.0 of rsync


rsync is distributed under the GNU public license. See the file COPYING for details.

The primary ftp site for rsync is

A WEB site is available at

We would be delighted to hear from you if you like this program.

This program uses the zlib compression library written by Jean-loup Gailly and Mark Adler.


Thanks to Warren Stanley for his original idea and patch for the rsync server. Thanks to Karsten Thygesen for his many suggestions and documentation!


rsync was written by Andrew Tridgell and Paul Mackerras. They may be contacted via email at and