|
|
Restricting Zope FTP access to one Plone portal / John Kavanagh <jkavanagh@earthsat.com>
Restricting Zope FTP access to one Plone portal
John Kavanagh <jkavanagh(at)earthsat.com> |
2005-08-04 16:44:39 |
[
FULL ]
|
Zope Experts:
Anyone restricted the zFTP access of a Zope user to a single Plone site?
[...]
|
Re: [ZPUGDC] Restricting Zope FTP access to one Plone portal / Jules <jules@jules.com>
Re: [ZPUGDC] Restricting Zope FTP access to one Plone portal
Jules <jules(at)jules.com> |
2005-08-05 06:04:48 |
[
FULL ]
|
Morning, John.
You can do the equivalent of chroot with webdav as it's just HTTP and
you can proxy that. And, that said, webdav has been a bit stinky in
older Zope versions. I haven't beaten on it in a while to see if it's
better than it was.
Have you looked into FTP proxies? The short cut to this is creating
another Zope instance for this one exception. Is it the path to the
user's data the worry?
Tell us a bit more about where you're heading with this.
On Aug 4, 2005, at 5:45 PM, John Kavanagh wrote:
[...]
--
Diplomacy is the art of saying "nice doggie!" until you can find a big
rock.
|
Re: [ZPUGDC] Restricting Zope FTP access to one Plone portal / John Kavanagh <jkavanagh@earthsat.com>
Re: [ZPUGDC] Restricting Zope FTP access to one Plone portal
John Kavanagh <jkavanagh(at)earthsat.com> |
2005-08-05 09:55:44 |
[
FULL ]
|
Jules wrote:[...]
Basically, we want to provide a user access to upload large files to a
certain Plone site. However, it would be a big security problem if they
could access other Plone sites on the Zope server.
Can you explain more about the FTP proxy option?
[...]
|
Re: [ZPUGDC] Restricting Zope FTP access to one Plone portal / Jules <jules@jules.com>
Re: [ZPUGDC] Restricting Zope FTP access to one Plone portal
Jules <jules(at)jules.com> |
2005-08-05 10:30:00 |
[
FULL ]
|
On Aug 5, 2005, at 10:56 AM, John Kavanagh wrote:
[...]
Ah, gotcha.
The easiest/quickest way around this is to create another instances of
Zope for this site. It'll take you 20 mins (even if you have to read
the docs -- tee hee).
You could lock down the whole site through the security tab and create
a user that can only see one path. Or you could place a directory in
the root of the Zope site and acquire it.
The way I'd go is to create an upload.clientname.tld and use the file
system and a regular ftpd. And then map the filesystem directory
they're chrooted in to a Filesystem Directory View on the Zope side.
This also solves the problem of ZODB bloat if they change an 8mb file
five times a week (ack).
[...]
Well, that's the problem. I've never proxied FTP. And as this is
probably a production system you wouldn't be happy if I just made
something up.
--
Microsoft: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming or what?"
|
Re: [ZPUGDC] Restricting Zope FTP access to one Plone portal / John Kavanagh <jkavanagh@earthsat.com>
Re: [ZPUGDC] Restricting Zope FTP access to one Plone portal
John Kavanagh <jkavanagh(at)earthsat.com> |
2005-08-05 10:39:37 |
[
FULL ]
|
Jules wrote:[...]
Jules:
The approach suggested above definitely looks like the most effective.
Thanks!
[...]
|
|
Forgot your password?
New user?
