[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Qube3 FTP secure drop box set up

Subject: RE: [cobalt-users] Qube3 FTP secure drop box set up
From: "Phil Beynon" <phil@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed May 5 02:30:01 2004
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

> I occasionally help a friend with his Qube3. He needs to set up FTP for a
> few clients of his [no control of client's ftp software] that
> send 50-100Mb
> files several times a month. It was suggested to make it a blind drop box
> [no read permissions] with a valid user name and password [no anonymous
> ftp]. Upon completion of upload, he would also like the file to be
> automatically be moved to the graphics user's folder so the graphics files
> can be downloaded via ftp and worked on. After the file has been
> moved, both
> users [graphics and the client] need to be notified via e-mail of the
> receipt of the file with file name, size and timestamp.
>
> With this in mind, turning on FTP in the Admin panel, creating
> the accounts,
> changing the user's shell to blank or /dev/null, chmod 300
> home/user/client1
> [client2...] folder. The file movement would need to be either a cron job
> for a script [to ensure the file has been completely uploaded
> before moving]
> or based on the user closing the FTP connection. The script would
> then read
> the variables and put them into an e-mail with the required info,
>  then move
> the file to /home/users/graphics for ftp download, then send the email to
> the appropriate client [client1, client2...] and to the graphics user as
> well.
>
> Is this plan the right way to go, or is there a easier, more direct route?
> >From what I understand the guest-share account which would allow
> for a blind
> drop is part of the anonymous ftp which he wants to avoid [for security
> purposes - trying to keep everything as buttoned up as possible]. Have
> looked at the profptd website and searched the archives. Partial answers
> [chroot, access control via ftphosts,, config files] are scattered about,
> but was looking for a more definitive, security-related answer. Thoughts?
> Comments?

I'd use a PHP page with access authentication against a database of known
users / passwords / IP adresses, upload via a form so customers dont need to
mess with ftp programs (and go exploring). You can validate the file type /
size / name from the PHP string that results from the upload, and discard it
if it is wrong. Then move it where ever you want from the tmp directory and
mail the relevant people directly from php.
This isn't terribly difficult to do in PHP.

Phil

** http://www.diygear.com THE Online DIY Toolstore For DIY & Business
** Infolink Electronic Systems Ltd. http://www.infolinkelectronics.co.uk
** Professional Web Design & Cobalt Hosting Solutions
** Sun Cobalt iForce Reseller - Canon Silver Reseller
** Contact: Sales@xxxxxxxxxxxxxxxxxxxxxxxxx
** Tel / Fax 0121 458 4894 (office) 0121 441 3558 (home)

References:
- [cobalt-users] Qube3 FTP secure drop box set up
  - From: Red Hawk

Prev by Date: Re: [cobalt-users] Just outta curiousity, has anyone tried this?
Next by Date: Re: [cobalt-users] Now Raq4 LCD Wish List
Previous by thread: [cobalt-users] Qube3 FTP secure drop box set up
Next by thread: [cobalt-users] RAQ550 keeps rebooting

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index