[NCLUG] Building a linux based file exchange portal?

Kasey Erickson kasey.erickson at gmail.com
Tue Sep 22 08:57:46 MDT 2009


>> First, I doubt it is very
>> secure, since once you have an SSH session to a box, you can do just about
>> anything.

Though not a total solution, I've had good luck with scponly
(http://sublimation.org/scponly/wiki/index.php/Main_Page) in
restricting execution privileges when all you want is file transfer.
rssh (http://pizzashack.org/rssh/) aims for the same thing.

Kasey


On Tue, Sep 22, 2009 at 8:44 AM, Ben West <mrgenixus at gmail.com> wrote:
> I think I'd setup DAV or http on the external side, and allow authorized
> users to upload via ftp, if they need to limit access, they should use
> encryption.
>
> On Tue, Sep 22, 2009 at 7:47 AM, Marcio Luis Teixeira <marciot at yahoo.com>wrote:
>
>>
>>
>> Hi everyone,
>>
>> Our company has a need for some sort of server where internal employees can
>> upload files and make them available to clients, or vice versa. In the past,
>> this has been done simply by having a Linux box in the DMZ where both the
>> internal employees and external users can use "sftp/ssh" to exchange files.
>>
>> This is sort of clumsy for several reasons. First, I doubt it is very
>> secure, since once you have an SSH session to a box, you can do just about
>> anything. But secondly, and most important in my view, is that it is a pain
>> to administer. I have to manage accounts for both the internal users as well
>> as adding accounts for external users. In addition to that, because we want
>> only certain IP addresses to have access, I have to manage that as well.
>> Since I'm the only one who can do this, of course users must come to me
>> whenever they want to exchange files with someone new.
>>
>> So I've been looking for a better solution. In an ideal world, there would
>> be some self-managing web portal sort of thing, where internal users could
>> use their browser to upload files, then configure individual accounts for
>> external users which would have access to those files. Alternatively, they
>> simply upload files and assign to it a unique password which they then share
>> to only the users they want to have access. So far I've been unable to
>> locate anything like that (in part, because I do not know what keywords to
>> search for that will not give me a bunch of unrelated stuff).
>>
>> In lieu of custom software, I've contemplated several generic solutions to
>> this problem, none of them all that attractive. I could set up an apache web
>> server, and give internal users access to that box, and have them share
>> files off their http home using ".htaccess" for access control, but that's
>> sort of technical and doesn't easily (I think) allow for uploads from
>> clients. Or I could set up anonymous ftp and force our people to use
>> encryption on their files, but that's very risky, especially if I allow
>> uploads (I'll be hosting an unintentional warez site in the blink of an
>> eye).
>>
>> So, better ideas would be appreciated, thanks!
>>
>> -- Marcio
>>
>>
>>
>> _______________________________________________
>> NCLUG mailing list       NCLUG at nclug.org
>>
>> To unsubscribe, subscribe, or modify
>> your settings, go to:
>> http://www.nclug.org/mailman/listinfo/nclug
>>
>
>
>
> --
> /ˈmɪstər/ /ˈdʒɛnəsɪs/@/dʒi/ /meɪl/ /dɒt/ /kɒm/
> Benjamin West
> _______________________________________________
> NCLUG mailing list       NCLUG at nclug.org
>
> To unsubscribe, subscribe, or modify
> your settings, go to:
> http://www.nclug.org/mailman/listinfo/nclug
>



More information about the NCLUG mailing list