I want to allow users of my web application to download directory contents via rsync. These are only users who have registered on the Internet, so I do not want to create permanent unix accounts for them, and I want all the files that they download to be stored on my server only in a directory specific to their account. Ideally, the stream would be something like this:
- user says "I want to update my files using rsync" through an authenticated web interface
- the server says: "OK, please run: rsync / path / to / yourfiles uploaduser123abc @myserver: /"
- the client runs this, updating any files on the server
- chrooted download location or something - we want the client to only write files to the specified directory on the server
- Ideally, the client does not need to enter a password - 123abc in the username is enough of a secret token to ensure the security of this rsync transaction, and after the transaction this token will be destroyed - more rsyncs before the new step 1 occurs.
- the server has an updated set of user files.
If you used Google AppEngine, the desired behavior is similar to the "update" command - it sends only modified files for hosting.
What is the best approach to implement something like this? Will it create one-time users and then run the rsync daemon in a chroot jail under these accounts? Are there libraries (preferably Python) or scripts that can do something like this?