Mini-mini HOWTO on getting unison working from inetd  
by Yan Seiner
revised 3 Oct, 2000


1.  Pick a port.  I used 1874 - purely arbitrary choice on my part.  If
nyou're going to run unison as non-root (highly recommended), you must
use a port > 1023.

2. Edit /etc/services to add the line 
unison          1874/tcp                        # unison
Make sure no other service is on your port of choice.

3.  Edit /etc/inetd.conf to add the line (erase the \ and join lines to
fit it all back together)
unison  stream  tcp     nowait  yan     /usr/bin/env \
env HOME=/chroot/unison /usr/bin/unison -server
                                ^^^                  \
         ^^^^^^^^^^^^^^^
                              user that unison will run as\
    dir where .unison archive lives

4. Restart inetd:

su
password: xxxxxx
killall -HUP inetd
exit

5.  As root, create a .unison directory in /chroot/unison of the
server system and change the ownership:group to the unison user:

su
password: xxxxxxx
mkdir /chroot/unison/.unison
chown yan:cardinal /chroot/unison/.unison
chmod 0700 /chroot/unison/.unison
exit

6.  On the remote system, start unison as you would otherwise.

7.  Make sure that your firewall/vpn is configured to allow the unison
port through and that routing is set up correctly.

Other ideas:

You may want to create a unison user with no login privileges to run
unison.

Running unison from inetd is a HUGE security hole if it is not protected
properly.  In addition to the above, I also recommend running it from
tcpd (man tcpd, man hosts.allow, and man hosts.deny).  This same warning
applies to ANY file sync software running from inetd, or better yet via a
vpn or port forwarding through ssh.