Validate user on FreeBSD
Dan Nyanko
cp_ru at chilitech.net
Fri Mar 21 12:52:32 EST 2003
Steven Taschuk <staschuk at telusplanet.net> wrote in message news:<mailman.1048222276.31387.python-list at python.org>...
> Quoth Dan Nyanko:
> > What I have working so far is the client can send a file across the
> > link to the server, and it is written into the directory that the
> > server program resides in. I would like to add an authentication step
> > that would send it to the valid users home directory, e.g.
> > /home/cp_ru/filename.tar.gz
>
> Can't the client just specify a filename of "/home/cp_ru/filename"?
Yes, but I want transparency. The server should be smart enough to
say, "hey this is cp_ru, and his password is valid. Therefore, I
should store his file into his home directory."
> That seems to do more or less what you want, but it points out a
> gaping security hole in the server; the client could specify a
> filename of, say, "/etc/passwd", which would be bad. (I assume
> the server is running as root so it can bind to port 510.)
Yes I see your point. Obviously I'll need the server to run as an
unprivileged user that only has read/write to the validated user's
home directory.
I put port 510 for no other reason than I was reading about FCP when I
wrote the program. I guess I was thinking along the lines of
cryptography and a secure protocol for sending files across tcp/ip...
Of course, my code does not accomplish any of that but I would like
for it to do so in the future.
> Why not just use ftp or sftp?
This is a learning project and a hobby. Using existing programs is
not why a person visits comp.lang.*
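
The hole raised in this thread (a client naming "/etc/passwd") and the fix discussed (store the file in the validated user's home directory) can be enforced on the server side as sketched here. This is an added example, not code from the thread; `resolve_upload_path`, `store_upload` and `UnsafeFilename` are hypothetical names, and it assumes the user has already been authenticated and the home directory looked up (for example with `pwd.getpwnam`).

```python
import os
import tempfile


class UnsafeFilename(ValueError):
    """The client-supplied name would land outside the user's home directory."""


def resolve_upload_path(home_dir, client_name):
    """Return the destination inside home_dir for client_name, or raise."""
    # Accept a bare filename only: no directories, no "..", no NUL bytes.
    if (not client_name or client_name in (".", "..") or "\x00" in client_name
            or "/" in client_name or "\\" in client_name):
        raise UnsafeFilename(client_name)
    home = os.path.realpath(home_dir)
    # realpath follows symlinks, so a link already sitting in the home
    # directory that points elsewhere (say, at /etc/passwd) is caught below.
    dest = os.path.realpath(os.path.join(home, client_name))
    if os.path.commonpath([home, dest]) != home:
        raise UnsafeFilename(client_name)
    return dest


def store_upload(home_dir, client_name, data):
    """Write data to a new file in home_dir; never overwrite or follow links."""
    dest = resolve_upload_path(home_dir, client_name)
    # O_EXCL refuses an existing file; O_NOFOLLOW (where available) refuses a
    # symlink swapped in between the check above and this open.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(dest, flags, 0o600)
    with os.fdopen(fd, "wb") as out:
        out.write(data)
    return dest


if __name__ == "__main__":
    # Constructed demo: a temporary directory stands in for /home/cp_ru.
    with tempfile.TemporaryDirectory() as fake_home:
        print("stored:", store_upload(fake_home, "filename.tar.gz", b"demo"))
        for name in ("/etc/passwd", "../other/file"):
            try:
                store_upload(fake_home, name, b"demo")
            except UnsafeFilename as exc:
                print("rejected:", exc)
```

The path check limits where a file can land; running the server as an unprivileged user, as mentioned in the post, is still what limits the damage if the check is bypassed.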