View Single Post
Old 05-21-2005, 02:12 PM  
darkone
Disabled
 
darkone's Avatar
 
Join Date: Dec 2001
Posts: 2,230
Default Re: FXP denial, group changing, etc

Quote:
Originally posted by Yil
[B]First off, this is by far the most customizable, configurable, lightweight, and just plain kickass ftp server I've used. But I suppose everyone already here knows that

There are so far 3 things I haven't really been able to figure out.

1) While there is a chown and a chmod command I can't seem to find a way to change the GROUP of a directory or file. This is particularly annoying since I figured if there wasn't a command to change it that it would track the group of the new owner if changed via chown. But that doesn't work either...
Try: "SITE CHOWN :GROUP <directory>" - remember that ':'.

Quote:
2) There is currently NO WAY to grant or deny FXP permissions to a folder/file based on a users group, flags, or name. It's either on or off for everyone. FXP is perhaps a special case since the other transfer related permissions are usually broadly specified and individual file and folder filesystem permissions are used for fine grained control. Thus I think instead of upload having an F/f flag, you should simply create a new FXPsend and FXPreceive keywords (eliminates the upload/download confusion). Thus instead of

Download = * 1MV3YZFf

you would have

Download = * 1MV3YZ
FXPsend = * 1MV3

thus denying FXP downloading to anyone who isn't flagged 1mv3.
I'm not convinced enough to hardcode such feature. It is something that is certainly possible for module to do in next io.

Quote:
3) In order to prevent idling for some users I'm using
noop = !Z *
but it's sorta annoying to see those command not understood messages. Perhaps instead you could add a "noidle" keyword. You could then improve the logic so that people issuing random and pointless noops, pwd, etc could all be ignored when calculating when to apply the idle timelimit...
NOOP stands for NO OPERATION. You can write PRE NOOP script that outputs non-error message, but returns with non-zero exit value. However, it is likely that users will start using other commands (PWD, CWD, ...) for keeping their connection alive.


Quote:
My initial feedback from playing with it for a few days goes as follows:

1) I'm an old unix type so I don't mind editing config files by hand, but I'd really bundle something like ioGUI with some extra functionality with the product.
Next io comes with php-based web-UI.

Quote:
2) Since a lot of subtle VFS, permissions, etc issues creep up and bite people or just confound newer users, I'd think about a new site command to show the applicable rules for the specified file or directory would be very useful and rather straighforward. A script, addon gui, etc could then expand the groups, users, etc to highlight which ones have access to do what. I could see that as very powerful. Of course such a script COULD just read the files for themselves, but that doesn't mean it's being processed that way
I like this idea, however it will only work for the hardcoded checks/functions - so it might be smart to write it as script that supports extensions.

Quote:
3) I've used srvany to install ioftpd as a service, but it's only a sorta fix since it doesn't gracefully shutdown ioftpd nor does it catch when ioftpd crashes. I'd really provide a simple but proper services wrapper.
Again, next io will run only as NT-service. There is no estimate when next versio is done (@ beta/final), should be sometime this summer though.
darkone is offline   Reply With Quote