TOOLS INCLUDED:

  rsync-client.pl / rsync-server.pl
    For rsyncing files between systems on a regular basis, where doas/sudo
    may be required, using a non-privileged _rsyncu user. Implements defense-
    in-depth security through config file validation, SSH restrictions,
    sudo/doas controls, and path validation. Uses pledge/unveil on OpenBSD.

  rrsync
    Open source tool for restricting rsync via SSH authorized_keys forced
    commands. Can enforce read-only access or limit to particular directory.
    Perl version updated to include feature parity with the newer Python
    version included with rsync distributions. Uses pledge/unveil on OpenBSD.

  rsync-altroot.pl
    Tool for backing up to /altroot on usually-unmounted filesystems on a
    local machine. Handles mounting/unmounting safely.

INSTALLATION:

  On OpenBSD: Download signed package and use pkg_add ./rsync-tools-<version>
  On OpenBSD, Linux, or macOS using install.pl: Copy signed package to
     /var/install (or /var/installation on macOS) and run install.pl.

  Copy scripts to /usr/local/bin/ and make executable:
    cp rsync-client.pl rsync-altroot.pl rrsync /usr/local/bin/
    ln -s /usr/local/bin/rsync-client.pl rsync-server.pl
    chmod 755 /usr/local/bin/rsync-*.pl /usr/local/bin/rrsync

  Create rsync user:
    useradd -m -d /home/_rsyncu -s /bin/sh _rsyncu

  Create config directory with proper permissions:
    mkdir -p /etc/rsync
    chown root:_rsyncu /etc/rsync
    chmod 750 /etc/rsync

  Create config file /etc/rsync/rsync.conf with proper permissions:
    touch /etc/rsync/rsync.conf
    chown root:_rsyncu /etc/rsync/rsync.conf
    chmod 640 /etc/rsync/rsync.conf

SECURITY REQUIREMENTS:

  Config directory: 0750 root:_rsyncu
  Config file: 0640 root:_rsyncu
  SSH keys: ED25519 or ECDSA only (RSA deprecated)
  Log file: Created automatically with 0600 permissions

  Scripts validate config file permissions at runtime and refuse to run if
  security requirements are not met.

DOCUMENTATION:

  See README.md on Github for documentation, security best practices, and
  configuration examples.

  GitHub: https://github.com/lippard661/rsync-tools
  Website: https://www.discord.org/lippard/software/

VERIFICATION:

  A signify-signed OpenBSD package is available, which can be verified with:
    signify -C -p discord.org-2026-pkg.pub -x rsync-tools-<version>.tgz

  Public key: https://www.discord.org/lippard/software/discord.org-2026-pkg.pub

AUTHOR:

  Jim Lippard
  https://www.discord.org/lippard/

LICENSE:

  See individual files for license information.
