Subject: Re: (reasonably) secure shared upload area on server
To: David Brownlee <firstname.lastname@example.org>
From: Alistair Crooks <email@example.com>
Date: 10/18/2006 19:54:56
On Wed, Oct 18, 2006 at 04:13:45PM +0100, David Brownlee wrote:
> We have a requirement for several remote collaborators to
> be able to upload and download data on a given server.
> Ideally we want something where they can access an effectively
> chroot()ed area, so if something does go wrong their access cannot
> open up more of the server. Obviously it would be nice if their
> connections where encrypted as well.
> Is there any consensus as to good approaches to this?
Just another thought - a Xen domain per customer, doesn't have to be a
large one either in memory or disk space terms. They can
login/sftp/scp/webdav whatever, and do their own thing. If they fill
up their own space, then tough, they have harmed no-one but
themselves. As a yardstick, I have a 64 MB memory domain, with a 10
GB chunk of disk (on a vnode), which works just fine as a build host.
It works even better with 96 MB of memory for gcc4, but that's another
Anyway, the Xen idea came from a lesson a friend found out whilst
using a UML Linux "domain" on a co-lo box - their "acceptable use"
policy was violated by running a find(1) command. I recommended a
very quick move to a different site which did provisioning properly.