From cb05b550f9f065c793e2efbbff54123dc6e27ed6 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Wed, 1 May 2024 13:44:13 +0200
Subject: [PATCH] README: add note about rrsync setup on the remote

---
 README.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/README.md b/README.md
index f8725c6..c579b14 100644
--- a/README.md
+++ b/README.md
@@ -33,4 +33,16 @@ Advanced usage:
     known-hosts-content: "[hostname]:2222 ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
 ```
 
+## Recommended setup on the remote server
+
+To force the action to only write to a specific directory,
+and to prevent excessive damage should the SSH key be compromised,
+it is recommended to force the command in the `authorized_keys` file.
+
+```shell
+command="rrsync -wo /directory/to/write/to",restrict,no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+```
+
+The path specified in `target` will now be relative to `/directory/to/write/to`.
+
 [rsync]: https://rsync.samba.org/
\ No newline at end of file