[Unison-hackers] Multi-user, single UID ideas for Unison

[Tõivo Leedjärv]

On Mon, 30 Oct 2023 at 23:45, nikp123 <nikp123 at e.email> wrote:
>
> But I am not asking for any *particular* solution, I'm asking if the
> solution proposed here sounds sane or even practical. Yes, I do
> understand it's niche for almost all of you, but I'd like for Unison's
> syncing prowess to be useful outside of the server
> administrator/poweruser sphere. This was just one way of achieving that
> (albeit impractical for most people).

I don't think the solution needs to be as complicated as the
discussion here suggested. In fact, I think the solution you yourself
proposed is not only meaningful, it should actually be rather simple
to implement.

Instead of looking at this as some security feature, I see this
feature as more akin to don't-cross-filesystems option found in many
programs. This is similar, but here it's more like a pseudo-chroot.
There is actually prior art to what I think is pretty much exactly
this feature: https://urldefense.com/v3/__https://borgbackup.readthedocs.io/en/stable/usage/serve.html__;!!IBzWLUs!VbcJHERi4ERNGFWyYfykdKXDDhDv7eyhmm8z9fUQ0jawa1oMmeySX84KOq4Mym5OVWqCSxCZtIfrTOoZxLU7whC58tQ$ 

nikp, do I understand correctly that all you need is basically this?

 - force the replica root to be the (or within the) specified directory;
 - not allow symlinks outside the replica root.

Is this going to benefit other users? Not sure...