Re: Want unusual config...

From: Early Ehlinger (early_at_respower.com)
Date: 12/23/03

  • Next message: Raymond: "Samba 3, port 445 and SSH" 
    Date: Tue, 23 Dec 2003 11:00:35 -0600

    "Nico Kadel-Garcia" <nkadel@comcast.net> wrote:
    Thanks for the swift response. I truly appreciate it.

    > You may need a chroot cage...
    > But I'm actually going to try to urge you away from this approach....

    I'm afraid this won't work very well, since I would have to have a jail for
    *every user*, which would be a bear to maintain. What happens if I need to
    change the jail for any reason, etc., etc.

    And I can hardly wait for the deluge of questions like "Hey, what's this
    /bin folder here for?"

    > There's "rssh" as well at http://sourceforge.net/projects/rssh/

    This looks rather promising. I may need to hack on it a little bit to get
    what I want, but it should be relatively straightforward :) It seems that
    the only thing it lacks is a pseudo-chroot like wu-ftpd provides, so that
    everybody has their own virtual root.

    I'm still trying to see how either of these approaches restricts only select
    users to the sftp subsystem. In other words, it seems to allow me to have
    sftp-only access for everybody, but without the ability to allow SSH-shell
    access to trusted users.

    > Instead, I urge you to look into "WebDAV" and HTTPS...

    This might be useable, but seems like quite a bit of overkill. Also, I get
    the impression that the clients are not quite as focused on simple batch
    file transfers as they are for SFTP, which would be a serious downside for
    my customers. 

    --
Best Regards,
- Early Ehlinger -
  • Next message: Raymond: "Samba 3, port 445 and SSH"