RE: sftp rename not good.

To: "'Richard Silverman'" <slade%shore.net@localhost>
Subject: RE: sftp rename not good.
From: "Howard Chu" <hyc%highlandsun.com@localhost>
Date: Wed, 14 May 2003 01:03:17 -0700

> -----Original Message-----
> From: Richard Silverman [mailto:slade%shore.net@localhost]

> > This statement implies a situation where the client is not
> expected to know
> > anything about the remote server. In practice, this situation is
> > non-sensical. You cannot connect to the server in the first
> place unless
> > you're either a regular user of that system, or you have
> made a special
> > pre-arrangement to obtain an account on that system. You
> certainly won't have
> > write privileges to rename arbitrary files on a server that
> is completely
> > unknown to you. Theoretical discussions about what might
> cause problems may
> > be an interesting intellectual diversion, but they are just that -
> > *diversions*. Real users will have knowledge about the
> remote server that
> > they're operating on.
> >
> > To assume the client has no knowledge of the server is pointless.
>
> I completely disagree with this statement.  It is a perfectly
> possible to
> give someone an account on a system for the sole purpose of
> (and limited
> to) sftp access.  The user may never log into the directly,
> or even know
> what the host OS is or how to use it; it acts as an opaque sftp file
> server.  This situation is neither nonsensical nor pointless; on the
> contrary, it is useful and reasonably common, follows normal
> and useful
> principles of abstraction, and is likely to become more common as sftp
> becomes more widely implemented.

Yes, it is possible to do what you describe. It is also possible for the user
to call you up when they have a problem or get confused. Legitimate users
have access to information about the system they're using, because they have
access to whoever gave them the account in the first place. As I said, the
client is either a regular user or has gotten pre-arranged access to the
server. If you're giving out accounts to your server, you should expect to
provide support for those accounts, even if "support" consists merely of a
README file. If you hand out accounts to users without telling them how to
use them, you have a different problem, and that's certainly outside the
realm of SSH to address.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

References:
- RE: sftp rename not good.
  - From: Richard Silverman

Prev by Date: RE: sftp rename not good.
Next by Date: Re: sftp rename not good.
Previous by Thread: RE: sftp rename not good.
Next by Thread: Re: sftp rename not good.
Indexes:

Home | Main Index | Thread Index | Old Index