Don't set systemd ProtectHome=on by default.

NEWS.md

@@ -39,6 +39,11 @@ Protocol: 31 (unchanged)
    also allows you to specify the value via the RSYNC_MAX_ALLOC environment
    variable.
 
+ - The default systemd config was changed to remove the `ProtectHome=on`
+   setting since rsync is often used to serve files in /home and this seemed a
+   bit too strict.  Feel free to use `systemctl edit rsync` to add that
+   restriction to your own setup, if you like.
+
  - The memory allocation functions now automatically check for a failure and
    die when out of memory.  This eliminated some caller-side check-and-die
    code and added some missing sanity-checking of allocations.
@@ -98,6 +103,11 @@ Protocol: 31 (unchanged)
 
 ### ENHANCEMENTS:
 
+ - The default systemd config was made a bit stricter by default.  For
+   instance, `ProtectHome=on` was added.  You can override this using the
+   standard `systemctl edit rsync` and add a line to turn that off under a
+   `[Service]` heading.
+
  - The use of `--backup-dir=STR` now implies `--backup`.
 
  - Added `--zl=NUM` as a short-hand for `--compress-level=NUM`.

packaging/systemd/rsync.service

@@ -23,7 +23,7 @@ RestartSec=1
 # See systemd.unit(5) and search for "drop-in" for full details.
 
 ProtectSystem=full
-ProtectHome=on
+#ProtectHome=on
 PrivateDevices=on
 NoNewPrivileges=on
 

packaging/systemd/rsync@.service

@@ -23,6 +23,6 @@ StandardError=journal
 # See systemd.unit(5) and search for "drop-in" for full details.
 
 ProtectSystem=full
-ProtectHome=on
+#ProtectHome=on
 PrivateDevices=on
 NoNewPrivileges=on