I like the simplicity of controlling everything with a hypothetical scp.conf:
default
access none /dev /sys /proc
user foo
access ro /var/scp/firmware
access rw /var/scp/user-foo
user anonymous
access w /var/scp/dropbox
user joe
access rw /home/joe
user fred
access rw /
user backup
access ro /
thing is, there IS a transfer protocol, there are just no controls on the files. If you can log in, there is just passing security.
Just take a step back and think what you could do if it were a protocol:
- limit visible files
- limit access to files by user
- make access strictly read-only
- allow upload-only (sort of a dropbox)
- clear separation between login access and file access
- remove login user from the whole mess
- trivially tie in as a filesystem.
etc...
But why? It can be done with ssh and some mix of linux permissions. It’s simple. There’s always room for more complexity.
I like the simplicity of controlling everything with a hypothetical scp.conf:
1 reply →