rsync-server-wrapper: minimal privilege "rsync --server" chroot wrapper
-----------------------------------------------------------------------

This is rsync-server-wrapper, a wrapper for the rsync command that can be
used as a shell for minimum privilege rsync-over-ssh users. It works by
requiring that the first parameter to the rsync command is "--server".

It requires that the ssh daemon perform the chroot. See the ChrootDirectory
option in the sshd_config(5) man page.

It also requires that a ".rsync-server-wrapper-ok" file appear at the
top-level of the chroot. This ensures that rsync-server-wrapper isn't
mistakenly executed outside of the chroot.

The path to the rsync binary to be executed is hardcoded as "/bin/rsync".
(This is the path inside the chroot.)

It is recommended that the chroot binary be a statically linked binary.
Otherwise additional files (dynamic loader, runtime library dependencies)
will be needed inside the chroot in order to execute rsync.