[nycbug-talk] virtual users and ftp/scp/rsync-ssh (was: ftp client....)

George Georgalis george
Wed Jun 2 09:37:02 EDT 2004

On Tue, Jun 01, 2004 at 09:54:19PM -0400, Bob Ippolito wrote:
>On Jun 1, 2004, at 8:21 PM, George Georgalis wrote:
>>I'm thinking djb's checkpassword to chroot to the user's dir for a
>>ftp/scp/rsync-ssh restricted shell (yes I need to enable ftp auth,
>>securely) could do it, with everything in a cdb. But I'd like to get
>>something acceptable (ftp) in place soon. :-} Any ideas?
>The solution I would use is to use servers designed to handle the  
>virtual user scenario.  I remember ProFTPd (?) being capable of doing  
>this quite a few years ago.

I never noticed virtual users as a ProFTPd feature. It looks perfect,
will have to give it a shot and worry about the other protocols later.

>  As for scp and rsync-ssh I don't know of  
>any out of the box solutions, however if you're good with Python you  
>may want to take a look at conch (a component of Twisted,  
>http://twistedmatrix.com/), which is a Python implementation of the SSH  
>protocol.  I've personally seen it used to implement restricted virtual  
>scp, but I don't think any such package has been released.  Twisted  
>does of course also have a FTP component that can be used more or less  
>out of the box.  I'm not really very familiar with the implementation  
>of rsync, but I can't imagine it would be too hard to implement either.

I think Twisted, http://twistedmatrix.com/, is a bit of a stretch. :)
Thanks for the link anyhow.

>On the other hand, I've personally standardized on WebDAV with Apache2:
>- You probably already know how to configure it
>- You can authenticate and authorize however the hell you want
>- Encryption is easy, just use SSL
>- Anyone with a web browser can fetch files from it
>- Anyone with a non-ancient operating system can mount it as a  
>filesystem without any additional software
>- Anyone with an ancient operating system can still get software  
>that'll do it
>- Many software products integrate with it specifically

It never occurred to me that I might actually _want_ Apache2 features.
This looks worth looking into. Thanks.

// George

George Georgalis, Architect and administrator, Linux services. IXOYE
http://galis.org/george/  cell:646-331-2027  mailto:george at galis.org
Key fingerprint = 5415 2738 61CF 6AE1 E9A7  9EF0 0186 503B 9831 1631
