unison (or alternative). limiting the remote usage.
Posted on 2007-08-01
I have a server and several users who need to synchronize from the server. The purpose of the server is *only* to allow them to synchronize their files; nothing else should be permitted.
My first guess is to use "unison". There are two options for this: using the "remote shell" method or the "socket" method. However, with both options, the users have too much "freedom".
With the "remote shell" option, it means that users can connect to the server and do things other than synchronize files. For instance, they can run programs there. I really need to limit the server to synchronizing files, nothing else. That's why I say that, in this set-up, the "remote shell" gives the users too much "freedom".
The "socket" method removes the previous type of freedom. However, there are two things to solve:
1- user authentication. How to restrict malicious users from using it?
2- restrict operation. Depending on the user, I would like to restrict the paths that he can synchronize; maybe restrict whether they can update files from and to the client and the server, or only from the server to the client (-force rootPath). Maybe this could be achieved by having the unison profiles defined in the server, rather than in the client (the server administrator would be the one defining the unison profiles, and not the users).
What do you think?
Do you know how to achieve this set-up?
Otherwise, do you know an alternative to unison to get this?