[Unison-hackers] Multi-user, single UID ideas for Unison
nikp123
nikp123 at e.email
Mon Oct 30 19:53:54 EDT 2023
On 31. 10. 23. 00:08, Greg Troxel wrote:
> It strikes me that currently filebrowser is
> designed to be personal and you are using it outside of its design
> assumptions.
Maybe that is the case, but I was able to isolate users via their
ability to specify paths for each user despite all files being store
under one UID/GID pair. Maybe theirs was an afterthought and this
wasn't? I don't know. Even NextCloud that you mentioned afterwards also
stores files in a single permission UID/GID pair on disk. (But NextCloud
has other issues that make it unusable for me).
> You might run nextcloud instead (but not really sure how that would go
> as nextcloud wants you to use nextcloud interfaces and not manipulate
> the db).
I've played around with NextCloud and grew quite resentful of it,
unfortunately. It just has way too many performance problems to be
useful. But I won't drag this discussion offtopic. Thanks for the
suggestion either way.
> Overall, it feels like trying to reinvent unix permissions within a
> process (said in a very broad brush way, not trying to be fair).
Yeah, I'd fear that I would be reinventing the wheel here by suggesting
that.
> You mention "would need system files", but I don't know which files
> and why?
IIRC, when you chroot into a SSH session, it would act as a regular
Linux chroot. The directory you're chroot-ing into would need to have
ALL of the binaries (and their dependencies) you're planning to use
already inside of it. This would be quite messy as you'd have to copy or
link those at runtime which is just prone to too many failures. It'd be
great if this wasn't the case and I just had a wrong understanding of it.
> 2) I think it would be a good thing to be able to, and perhaps by
> default to do so, change the location of the ar/fp files from
> ~/.unison to $SYNCROOT/.unison or someplace like that. We have
> https://urldefense.com/v3/__https://github.com/bcpierce00/unison/issues/552__;!!IBzWLUs!TZBBLjzMYHOAXTQiFLRe5BaE7Dp4SecToZCFKhVgUYmtzPijKUaG1mZ-MAvOC6qYWbT_nSfWcgwN5xNfDna9bFX8ISf3Cw$
> That didn't talk about ar/fp-in-synced-dir but it does now.
Awesome, that solves one piece of the puzzle.
> 3) With (2) done, which I think is of general interest, then I think
> -- but I may be missing something -- that adding a single "chroot ."
> call to unison, after chdir to the sync dir -- with a bit of fixup for
> paths, might mostly do what you want, and that might well be simple
> enough and more broadly applicable as to be ok in terms of
> complexity/usefulness tradeoff.
If this is possible, that would solve my problems. Because that *would*
achieve the isolation that I'm looking for. But I remain doubtful for
the reasons I wrote above.
Thanks for the proposed ideas, I really appreciate it,
nikp123
PS: Sending this again because I forgot how e-mail works. Silly me
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://LISTS.SEAS.UPENN.EDU/pipermail/unison-hackers/attachments/20231031/cc82a383/attachment-0001.htm>
More information about the Unison-hackers
mailing list