Hi All, I plan to use the vsftpd FTP damon in Ubuntu Linux server running my rails website. My website needs automatically create new FTP accounts everytime a new registration occurs. I have done basic homework of googling and search this forum and cannot find any sugestion or good examples. Can someone please give me some idea on what steps I need to program (rails code example)? I am new to Linux / rails world. Thanks. Regards, JB
on 2008-10-20 22:37
on 2008-10-20 22:45
That's easy, simply make a system call within your Rails app using backticks, and pass the command to create new ftp accounts. You MUST make sure the passed is safe and has been sanitized.
on 2008-10-21 00:05
Does anybody else get the heebie-jeebies at the thought of running a web app under a user account w/perms enough to create FTP users? ;-) Have you considered other methods for empowering your users to move files back & forth to your server (e.g., attachment_fu)? If that would suit, you'll probably wind up w/a more secure app... Cheers, -Roy
on 2008-10-21 00:27
Agreed. Giving Rails any FTP privileges beyond read is a disaster waiting to happen. Go with something that will allow Rails to handle file transfer on it's own. JB, take a look at Boxroom. http://boxroom.rubyforge.org/ This is what I use for sharing files between clients and friends. I run it as it's own application, but with a little tinkering you can integrate it into whatever you're doing.
on 2009-01-06 21:31
Thank you all! (I was distracted by another project from my angry boss, but I am still alive and watching this forum). I am actually resuming my project of allowing a end-user (account) to able able to FTP-up images right from their security cameras. I don't mean web-cams from kids, but real security firms. Again, I am thinking, once the user opens his or her account, an FTP access will be automatically created as part of the account preparation. I concern about possible the security issues with FTP, but most security cameras (I know of) has FTP feature. Thanks, JB Patrick Sullivan wrote: > Agreed. Giving Rails any FTP privileges beyond read is a disaster > waiting to > happen. Go with something that will allow Rails to handle file transfer > on > it's own. > > JB, take a look at Boxroom. http://boxroom.rubyforge.org/ This is what I > use > for sharing files between clients and friends. I run it as it's own > application, but with a little tinkering you can integrate it into > whatever > you're doing.
on 2009-01-07 06:56
Jb Li wrote: > I concern about possible the security issues with FTP, but most security > cameras (I know of) has FTP feature. If you do end up using FTP for this you might want to check your devices to see if they support Secure FTP (SFTP). At least that way the content they would be transporting would be encrypted while traversing the network. You will still need to carefully consider (and probably monitor) any automatically created FTP accounts. It might also be important to investigate the FTP server software you use for any known security related bugs. FTP servers are a hot target for hackers and warez bots, as I'm sure you are aware. Unfortunately FTP is one of those protocols invented before anyone cared much about security.