[NCLUG] Building a linux based file exchange portal?

Ben West mrgenixus at gmail.com
Tue Sep 22 08:44:22 MDT 2009


I think I'd setup DAV or http on the external side, and allow authorized
users to upload via ftp, if they need to limit access, they should use
encryption.

On Tue, Sep 22, 2009 at 7:47 AM, Marcio Luis Teixeira <marciot at yahoo.com>wrote:

>
>
> Hi everyone,
>
> Our company has a need for some sort of server where internal employees can
> upload files and make them available to clients, or vice versa. In the past,
> this has been done simply by having a Linux box in the DMZ where both the
> internal employees and external users can use "sftp/ssh" to exchange files.
>
> This is sort of clumsy for several reasons. First, I doubt it is very
> secure, since once you have an SSH session to a box, you can do just about
> anything. But secondly, and most important in my view, is that it is a pain
> to administer. I have to manage accounts for both the internal users as well
> as adding accounts for external users. In addition to that, because we want
> only certain IP addresses to have access, I have to manage that as well.
> Since I'm the only one who can do this, of course users must come to me
> whenever they want to exchange files with someone new.
>
> So I've been looking for a better solution. In an ideal world, there would
> be some self-managing web portal sort of thing, where internal users could
> use their browser to upload files, then configure individual accounts for
> external users which would have access to those files. Alternatively, they
> simply upload files and assign to it a unique password which they then share
> to only the users they want to have access. So far I've been unable to
> locate anything like that (in part, because I do not know what keywords to
> search for that will not give me a bunch of unrelated stuff).
>
> In lieu of custom software, I've contemplated several generic solutions to
> this problem, none of them all that attractive. I could set up an apache web
> server, and give internal users access to that box, and have them share
> files off their http home using ".htaccess" for access control, but that's
> sort of technical and doesn't easily (I think) allow for uploads from
> clients. Or I could set up anonymous ftp and force our people to use
> encryption on their files, but that's very risky, especially if I allow
> uploads (I'll be hosting an unintentional warez site in the blink of an
> eye).
>
> So, better ideas would be appreciated, thanks!
>
> -- Marcio
>
>
>
> _______________________________________________
> NCLUG mailing list       NCLUG at nclug.org
>
> To unsubscribe, subscribe, or modify
> your settings, go to:
> http://www.nclug.org/mailman/listinfo/nclug
>



-- 
/ˈmɪstər/ /ˈdʒɛnəsɪs/@/dʒi/ /meɪl/ /dɒt/ /kɒm/
Benjamin West



More information about the NCLUG mailing list