unison (or alternative). limiting the remote usage.

Posted on 2007-08-01
Medium Priority
Last Modified: 2008-01-09

I have a server and several users who need to synchronize from the server. The purpose of the server is *only* to allow them to synchronize their files; nothing else should be permitted.

My first guess is to use "unison". There are two options for this: using the "remote shell" method or the "socket" method. However, with both options, the users have too much "freedom".

With the "remote shell" option, it means that users can connect to the server and do stuff other than synchronize files. For instance, they can run programs there. I really need to limit the server to synchronizing files, nothing else. That's why I say that, in this set-up, the "remote shell" gives the users too much "freedom".

The "socket" method removes the previous type of freedom. However, there are two things to solve:
1- user authentication. How to prevent malicious users from using it?

2- restrict operation. Depending on the user, I would like to restrict the paths that he can synchronize; maybe restrict whether they can update files from and to the client and the server, or only from the server to the client (-force rootPath). Maybe this could be achieved by having the unison profiles defined in the server, rather than in the client (the server administrator would be the one defining the unison profiles, and not the users).

What do you think?
Do you know how to achieve this set-up?
Otherwise, do you know an alternative to unison to get this?
Question by: dportabella
1 Comment

Accepted Solution

ezaton earned 1500 total points
ID: 19614559
Do you need it to be a bi-directional update? If not, rsync has several advantages there. However, it is a single-directional operation, and not a bi-directional one.

It allows you to set, using socket, a server-side root path; however, it will not allow you user management.

If you're considering using SSH, you can use restricted shell or chroot ssh, which can solve your issues.
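
The SSH restriction discussed in this thread can also be done with an OpenSSH forced command, shown here as an added example that is not part of the question or of ezaton's answer. The install path `/usr/local/bin/sync-only`, the binary location `/usr/bin/unison` and the function names are assumptions, and the allowed request is assumed to be the `unison -server` command that a unison client sends by default.

```sh
#!/bin/sh
# Added example (not from the original thread): forced-command wrapper that
# lets an SSH key start the unison server and nothing else.
#
# Assumed install path (hypothetical): /usr/local/bin/sync-only
# Assumed authorized_keys entry on the server (key material is a placeholder):
#   command="/usr/local/bin/sync-only",restrict ssh-ed25519 <PUBLIC-KEY> user@client
# "restrict" disables pty allocation and port, agent and X11 forwarding.

UNISON_BIN="/usr/bin/unison"   # assumed location of the server-side binary

# Classify the command the client asked sshd to run.
# Prints "allow" only for the exact request a unison client sends by default.
sync_only_decision() {
    case "$1" in
        "unison -server") echo allow ;;
        *)                echo deny ;;
    esac
}

# sshd sets SSH_ORIGINAL_COMMAND when the client requested a command; it is
# unset for an interactive login, which is refused as well.
sync_only_main() {
    requested="${SSH_ORIGINAL_COMMAND-}"
    if [ "$(sync_only_decision "$requested")" = "allow" ]; then
        # Run a fixed binary with fixed arguments; the client's string is
        # only compared, never executed or passed to a shell.
        exec "$UNISON_BIN" -server
    fi
    logger -t sync-only "denied request for ${USER:-unknown}" 2>/dev/null || true
    echo "This account may only be used for unison synchronization." >&2
    return 1
}

# Act only when installed under the assumed name, so that sourcing this file
# elsewhere defines the functions without running anything.
case "$0" in
    */sync-only) sync_only_main || exit 1 ;;
esac
```

The wrapper limits what the key can execute, not which paths unison may touch; that still depends on the account's file permissions or a chroot.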

Question has a verified solution.