Comment by m463

1 day ago

thing is, there IS a transfer protocol, there are just no controls on the files. If you can log in, there is just passing security.

Just take a step back and think what you could do if it were a protocol:

- limit visible files

- limit access to files by user

- make access strictly read-only

- allow upload-only (sort of a dropbox)

- clear separation between login access and file access

- remove login user from the whole mess

- trivially tie in as a filesystem.

etc...

3 comments

m463

Reply
rad_gruchalski  1 day ago

But why? It can be done with ssh and some mix of linux permissions. It’s simple. There’s always room for more complexity.

  • m463  1 day ago

    I like the simplicity of controlling everything with a hypothetical scp.conf:

      default
    access none /dev /sys /proc
  user foo
    access ro /var/scp/firmware
    access rw /var/scp/user-foo
  user anonymous
    access w /var/scp/dropbox
  user joe
    access rw /home/joe
  user fred
    access rw /
  user backup
    access ro /

    • unsnap_biceps  3 hours ago

      You can actually switch the subsystem to `internal-sftp` and configure the visible path via ChrootDirectory, however you still rely on posix user/group privs.

      Subsystems are pluggable, so you could write your own subsystem that does enforce whatever config and permission model you want. It's not terribly difficult to do, and you can replace the sftp subsystem entirely.

      and just a FYI, currently scp is plumbed over the sftp subsystem, so replacing the sftp subsystem would "fix" scp and sftp clients for you.