View Single Post
Old 11-05-2007, 05:51 PM  
neoxed
Too much time...
 
Join Date: May 2003
Posts: 1,326
Default

That's how it should function. As far as ioFTPD is concerned there is no "gadmin" or "siteop" flag. There are only a few hard-coded flags:

A - Anonymous (any password works)
f/F - FXP permissions (deny FXP download/upload)
M - Master (cannot be changed by non-masters, can see private paths)
V - VFS admin (can see private paths)

Any other powers these flags give are defined by the permissions they're given in the ioFTPD.ini.

If a flag gives permission to a command, and a user has that flag, they can use that command.

Users are defined as "gadmins" by using site change <user> admingroups <groups> and nothing else. Commands must be specifically implemented to be aware of "gadmin" privileges by using User_IsAdmin API.

A better system is how glFTPd handle's it's group admins - which will require ioFTPD to have a special hard-coded gadmin flag.
  • The FTPD must be aware of the hard-coded gadmin flag.
  • Any "site change" command defined with the gadmin flag in ioFTPD.ini will have ioFTPD call User_IsAdmin to verify the user is a gadmin.
  • This moves the hard-coded gadmin checks from certain commands to configurable commands in ioFTPD.ini.
  • Optional: When a user is given administrative privileges over a group, they automatically receive the gadmin flag.
  • Optional: When a user is revoked administrative privileges over a group, they automatically lose the gadmin flag.
  • These optional features can be implemented by scripts very easily, not required to be part of the daemon.

Last edited by neoxed; 11-05-2007 at 06:22 PM.
neoxed is offline   Reply With Quote