Mailinglist Archive: opensuse (3666 mails)

< Previous Next >
Re: [SLE] Network File Systems
  • From: Randall R Schulz <rschulz@xxxxxxxxx>
  • Date: Wed, 16 Mar 2005 10:08:14 -0800
  • Message-id: <200503161008.14701.rschulz@xxxxxxxxx>

On Wednesday 16 March 2005 09:51, Dylan wrote:
> On Wednesday 16 Mar 2005 15:51 pm, Randall R Schulz wrote:
> > Leen,
> >
> > On Wednesday 16 March 2005 07:41, Leendert Meyer wrote:
> <SNIP>
> > > That reminds me vaguely of something.
> > >
> > > man rsync: yes indeed:
> > >
> > > --bwlimit=KBPS limit I/O bandwidth, KBytes per
> > > second
> >
> > Dammit! I looked in the rsyncd.conf manual page for something like
> > this before replying, but I didn't think of looking in the rsync
> > manual page itself.
> >
> > Of course, this requires system administrators to rely on their
> > users to limit their bandwidth consumption, which probably isn't
> > the ideal solution to Peter's problem.
> The sysadmin could add it to the alias list somewhere suitable.

It's not trivial to enforce a policy in this manner.

You'd have to make it impossible to access the rsync executable
directly. Then you've have to supply a cover script that processed all
the arguments supplied to strip out those that control the bandwidth
limit and put the administratively mandated one in its place. Then
you'd have to pass the invocation on to the real rsync binary.

The hard part is making it possible for the cover script to invoke the
real rsync binary while not allowing end users to do so directly.
Setuid shell scripts are not an option on Linux, which then forces the
administrator to write the cover program in C or C++ or some other
language the produces binary executables.

Of course, if all you're trying to do is relieve users from the burden
of imposing the limits themselves, but not not to strictly enforce it,
then a cover script is adequate and allows in-the-know but
self-disciplined users to override the limits when there's a legitimate

This is why I looked to the system-wide rsync configuration for a
bandwidth-limiting option. I clearly belongs there.

> Dylan

Randall Schulz

< Previous Next >