[nycbug-talk] ftp client....
Tue Jun 1 22:41:48 EDT 2004
On Jun 1, 2004, at 8:21 PM, George Georgalis wrote:
> On Tue, May 25, 2004 at 06:00:47AM -0400, Isaac Levy wrote:
>> but for plain ol' FTP, (eeeek!):
>> Dedicated Client Software:
>> The Mac Finder:
>> all drag-n-drop n' such...
>> From the finder, Controll-K, and then enter the ftp server url...
>> (noteworthy, this works great across an SSH tunnel for when you
>> actually encounter some FTP resource in the wild...)
>> You can also flip the passive/active switch in the system preferences,
>> Network Pane, in the 'Proxies' tab for a given interface.
> I got a chance to try this out, first hand, today. Humm, it didn't work
> though. I found the passive/active switch too (by the way, that means
> an unpredictable port vs port 20 for ftp-data, right? Maybe I'm spoiled
> with iptables connection tracking...). I even tried explicitly stating
> the protocol and ip, no go.
> I was able to use command line 'ftp' with tar to circumvent free
> webmail storage limitations ;-) ...all the more reason the above ctrl-k
> procedure not working is a big mystery. Oh, maybe I need ~ftp/lib/ and
> ~ftp/bin/ files? My anon ftp doesn't have any...
> On the near horizon is another unrelated problem I need to work out,
> give _virtual_ users ftp/scp/rsync-ssh access to _their_ and only
> _their_ public html docs directories. I saved this shell from a while
i've just implemented proftpd authenticating via MySQL. the accounts
are managed via a web gui. works pretty well, and each ftp user is
chroot'd. i am not sure about ssh utils, altho i'm sure you can have
fun with PAM etc...
> I've not completely got my head around that one, it may do, but I would
> prefer not using system accounts, even if they are restricted, and I
> don't want one user to be able to cd to another's 'public' html, and
> read htaccess protected files for example.
> I'm thinking djb's checkpassword to chroot to the users's dir for a
> ftp/scp/rsync-ssh restricted shell (yes I need to enable ftp auth,
> securely) could do it, with everything in a cdb. But I'd like to get
> something acceptable (ftp) in place soon. :-} Any ideas?
> // George
> George Georgalis, Architect and administrator, Linux services. IXOYE
> http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org
> Key fingerprint = 5415 2738 61CF 6AE1 E9A7 9EF0 0186 503B 9831 1631
> talk mailing list
> talk at lists.nycbug.org
More information about the talk