(though specifying it as -s is
              always the easiest and most compatible choice).

       --trust‐sender
              This option disables two extra validation  checks  that  a  local
              client  performs  on  the file list generated by a remote sender.
              This option should only be used if you trust the  sender  to  not
              put  something  malicious  in the file list (something that could
              possibly be done via a modified rsync, a modified shell, or  some
              other similar manipulation).

              Normally,  the  rsync client (as of version 3.2.5) runs two extra
              validation checks when pulling files from a remote rsync:

              o      It verifies that additional arg items didn’t get added  at
                     the top of the transfer.

              o      It  verifies  that  none of the items in the file list are
                     names that should have been excluded (if filter rules were
                     specified).

              Note that various options can turn  off  one  or  both  of  these
              checks  if  the  option  interferes with the validation.  For in‐
              stance:

              o      Using a per‐directory filter file reads filter rules  that
                     only  the  server  knows  about, so the filter checking is
                     disabled.

              o      Using the --old‐args option allows the sender  to  manipu‐
                     late the requested args, so the arg checking is disabled.

              o      Reading  the  files‐from  list  from the server side means
                     that the client doesn’t know the  arg  list,  so  the  arg
                     checking is disabled.

              o      Using  --read‐batch  disables  both checks since the batch
                     file’s contents will have been verified when it  was  cre‐
                     ated.

              This  option may help an under‐powered client server if the extra
              pattern matching is slowing things down on a huge  transfer.   It
              can  also  be  used to work around a currently‐unknown bug in the
              verification logic for a transfer from a trusted sender.

              When using this option it is a good idea to specify  a  dedicated
              destination  directory,  as  discussed in the MULTI‐HOST SECURITY
              section.

       --copy‐as=USER[:GROUP]
              This option instructs rsync to use the USER and (if specified af‐
              ter a colon) the GROUP for the copy operations.  This only  works
              if  the  user  that  is  running  rsync has the ability to change
              users.  If the group is not specified  then  the  user’s  default
              groups are used.

              This  option can help to reduce the risk of an rsync being run as
              root into or out of a directory that might have live changes hap‐
              pening to it and you want to make sure that  root‐level  read  or
              write  actions of system files are not possible.  While you could
              alternatively run all of rsync as the specified  user,  sometimes
              you  need  the  root‐level host‐access credentials to be used, so
              this allows rsync to drop root for the copying part of the opera‐
              tion after the remote‐shell or daemon connection is established.

              The option only affects one  side  of  the  transfer  unless  the
              transfer  is local, in which case it affects both sides.  Use the
              --remote‐option to affect the  remote  side,  such  as  -M--copy‐
              as=joe.   For  a local transfer, the lsh (or lsh.sh) support file
              provides a local‐shell helper script that can be used to allow  a
              "localhost:"  or  "lh:" host‐spec to be specified without needing
              to setup any remote shells,