pkgsrc-Users archive


Re: FTP-client for Windows, safety concerns



On 14 June 2012 23:51, herbert langhans 
<herbert.raimund%langhans.com.pl@localhost> wrote:
> On Thu, Jun 14, 2012 at 11:38:27PM +0100, Chavdar Ivanov wrote:
>> On 14 June 2012 23:15, Andy Ruhl <acruhl%gmail.com@localhost> wrote:
>> > On Thu, Jun 14, 2012 at 3:09 PM, herbert langhans
>> > <herbert.raimund%langhans.com.pl@localhost> wrote:
>> >> Long story, simple question: what reliable(!) FTP-client for Windows
>> >> and Apples should I recommend to my FTP-users? Some full functional
>> >> (think about gftp) GUI program would be the best. Maybe even something
>> >> easy to install, so I can send them the exe file via e-mail ...
>> >
>> > What is wrong with the web browser?
>> >
>> > ftp://user:password%ftp.server.com@localhost
>>
>> Plenty of reasons *not* to use a browser as an ftp client, i.e. no
>> control over active vs. passive mode, difficult or impossible upload
>> etc.
>>
>> I've always installed filezilla on customers' workstations, setting up
>> their account to connect to our ftp server.
>>
>> The 'safety' aspect is bogus; I monitor their accounts to make sure it
>> is not used outside its remit; the passwords are not important - the
>> ftp server (proftpd) has been configured to use 'Defaultroot ~' - i.e.
>> chrooted to users' home directory. sshd_config has
>> 'PasswordAuthentication no' and the ftp server has 'PathDenyFilter
>> ".htaccess|.ftpaccess|authorized_keys"' - which stops them from
>> uploading their own key to let them log on interactively.
>
> The 'Defaultroot' trick I tried. If I remember correctly, you cannot
> access linked files - this is a nasty side effect.

No, that is by design. They can only access files under their tree.

You can always hard-link files in their directories (presumably
read-only for them) though. These of course will be usable (assuming
they are on the same filesystem).

> Otherwise it would be
> great that the users cannot get lost when they hop back some
> directories. According to the logfiles it's a typical reaction that the
> users log out, restart the client and log in again.

Exactly. They should not be allowed to traverse the whole tree.

BTW this is the behavior in ftp mode; if you run it in sftp, you still
can do it - meaning you could be using a client like filezilla for
both, restricted user access and wider administrative one.

> herb langhans
>
Chavdar
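
Added example, not part of the original message: a Python audit for the point made above, that symlinks leaving a 'Defaultroot ~' tree stop resolving once the session is chrooted, while a hard link on the same filesystem keeps working. The function names, status strings and sample paths are assumptions made for illustration.

```python
import os
import tempfile

def audit_chroot_links(home):
    """List symlinks under home as (path, target, status, hardlink_possible)."""
    home = os.path.realpath(home)
    home_dev = os.stat(home).st_dev
    findings = []
    for dirpath, dirnames, filenames in os.walk(home):  # does not follow links
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.readlink(link)
            real = os.path.realpath(link)  # where the link points today
            if os.path.isabs(target):
                # After chroot, "/" is the home directory itself, so an
                # absolute target is looked up underneath home.
                ok = os.path.exists(os.path.join(home, target.lstrip("/")))
            else:
                # Approximation: a relative target that climbs out of home
                # is reported as broken (the chroot clamps ".." at its root).
                ok = (os.path.commonpath([home, real]) == home
                      and os.path.exists(real))
            # A hard link can replace a broken symlink only for a regular
            # file that lives on the same filesystem as the home directory.
            can_hardlink = (not ok and os.path.isfile(real)
                            and os.stat(real).st_dev == home_dev)
            status = "ok" if ok else "broken-in-chroot"
            findings.append((os.path.relpath(link, home), target,
                             status, can_hardlink))
    return sorted(findings)

def demo():
    """Build a constructed sample layout in a temp dir and audit it."""
    base = tempfile.mkdtemp()
    home = os.path.join(base, "home", "alice")    # constructed FTP home
    shared = os.path.join(base, "shared")         # constructed outside dir
    os.makedirs(os.path.join(home, "docs"))
    os.makedirs(shared)
    open(os.path.join(shared, "price.txt"), "w").close()
    open(os.path.join(home, "docs", "a.txt"), "w").close()
    os.symlink(os.path.join(shared, "price.txt"), os.path.join(home, "price.txt"))
    os.symlink("docs/a.txt", os.path.join(home, "a-link"))
    os.symlink("../../shared/price.txt", os.path.join(home, "rel-out"))
    return audit_chroot_links(home)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Entries reported with hardlink_possible set to True are the ones where a read-only hard link inside the user's directory can stand in for the symlink.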

