[nycbug-talk] virtual users and ftp/scp/rsync-ssh (was: ftp client....)
George Georgalis
Wed Jun 2 09:37:02 EDT 2004
On Tue, Jun 01, 2004 at 09:54:19PM -0400, Bob Ippolito wrote:
>On Jun 1, 2004, at 8:21 PM, George Georgalis wrote:
>
>>I'm thinking djb's checkpassword to chroot to the user's dir for a
>>ftp/scp/rsync-ssh restricted shell (yes I need to enable ftp auth,
>>securely) could do it, with everything in a cdb. But I'd like to get
>>something acceptable (ftp) in place soon. :-} Any ideas?
>
>The solution I would use is to use servers designed to handle the
>virtual user scenario. I remember ProFTPd (?) being capable of doing
>this quite a few years ago.
I never noticed virtual users as a ProFTPd feature. It looks perfect,
will have to give it a shot and worry about the other protocols later.
> As for scp and rsync-ssh I don't know of
>any out of the box solutions, however if you're good with Python you
>may want to take a look at conch (a component of Twisted,
>http://twistedmatrix.com/), which is a Python implementation of the SSH
>protocol. I've personally seen it used to implement restricted virtual
>scp, but I don't think any such package has been released. Twisted
>does of course also have an FTP component that can be used more or less
>out of the box. I'm not really very familiar with the implementation
>of rsync, but I can't imagine it would be too hard to implement either.
I think Twisted, http://twistedmatrix.com/, is a bit of a stretch. :)
Thanks for the link anyhow.
>On the other hand, I've personally standardized on WebDAV with Apache2:
>- You probably already know how to configure it
>- You can authenticate and authorize however the hell you want
>- Encryption is easy, just use SSL
>- Anyone with a web browser can fetch files from it
>- Anyone with a non-ancient operating system can mount it as a
>filesystem without any additional software
>- Anyone with an ancient operating system can still get software
>that'll do it
>- Many software products integrate with it specifically
It never occurred to me that I might actually _want_ Apache2 features.
This looks worth looking into. Thanks.
// George
--
George Georgalis, Architect and administrator, Linux services. IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org
Key fingerprint = 5415 2738 61CF 6AE1 E9A7 9EF0 0186 503B 9831 1631