Subject: Re: (reasonably) secure shared upload area on server
To: David Brownlee <>
From: Alistair Crooks <>
List: current-users
Date: 10/18/2006 19:54:56
On Wed, Oct 18, 2006 at 04:13:45PM +0100, David Brownlee wrote:
> 	We have a requirement for several remote collaborators to
> 	be able to upload and download data on a given server.
> 	Ideally we want something where they can access an effectively
> 	chroot()ed area, so if something does go wrong their access cannot
> 	open up more of the server. Obviously it would be nice if their
> 	connections where encrypted as well.
> 	Is there any consensus as to good approaches to this?

Just another thought - a Xen domain per customer, doesn't have to be a
large one either in memory or disk space terms.  They can
login/sftp/scp/webdav whatever, and do their own thing.  If they fill
up their own space, then tough, they have harmed no-one but
themselves.  As a yardstick, I have a 64 MB memory domain, with a 10
GB chunk of disk (on a vnode), which works just fine as a build host. 
It works even better with 96 MB of memory for gcc4, but that's another

Anyway, the Xen idea came from a lesson a friend found out whilst
using a UML Linux "domain" on a co-lo box - their "acceptable use"
policy was violated by running a find(1) command.  I recommended a
very quick move to a different site which did provisioning properly.