IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

RE: sftp rename not good.



> -----Original Message-----
> From: Richard Silverman [mailto:slade%shore.net@localhost]

> > This statement implies a situation where the client is not
> expected to know
> > anything about the remote server. In practice, this situation is
> > non-sensical. You cannot connect to the server in the first
> place unless
> > you're either a regular user of that system, or you have
> made a special
> > pre-arrangement to obtain an account on that system. You
> certainly won't have
> > write privileges to rename arbitrary files on a server that
> is completely
> > unknown to you. Theoretical discussions about what might
> cause problems may
> > be an interesting intellectual diversion, but they are just that -
> > *diversions*. Real users will have knowledge about the
> remote server that
> > they're operating on.
> >
> > To assume the client has no knowledge of the server is pointless.
>
> I completely disagree with this statement.  It is a perfectly
> possible to
> give someone an account on a system for the sole purpose of
> (and limited
> to) sftp access.  The user may never log into the directly,
> or even know
> what the host OS is or how to use it; it acts as an opaque sftp file
> server.  This situation is neither nonsensical nor pointless; on the
> contrary, it is useful and reasonably common, follows normal
> and useful
> principles of abstraction, and is likely to become more common as sftp
> becomes more widely implemented.

Yes, it is possible to do what you describe. It is also possible for the user
to call you up when they have a problem or get confused. Legitimate users
have access to information about the system they're using, because they have
access to whoever gave them the account in the first place. As I said, the
client is either a regular user or has gotten pre-arranged access to the
server. If you're giving out accounts to your server, you should expect to
provide support for those accounts, even if "support" consists merely of a
README file. If you hand out accounts to users without telling them how to
use them, you have a different problem, and that's certainly outside the
realm of SSH to address.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support




Home | Main Index | Thread Index | Old Index