[Owncloud] SFTP to a user's ownCloud files?

Jon Spriggs jon at sprig.gs
Tue Feb 21 06:39:26 UTC 2012


FTPS is easy when your device is directly connected to the internet with no
firewall (or a very open firewall) in front of it.

As soon as you have a restrictive (otherwise known as being "secure" :) )
firewall in front of it, you have to open both the control port (TCP/21)
and "high ports" TCP/1024-65535, because, as the control channel is
encrypted, the firewall can't inspect the instructions from the FTP server
to identify which ports to use (which is how conventional FTP works through
firewalls).

Also, even if you get FTPS to your device, you still need to hook the file
system part up to the webdav part, as there is extra metadata that the
webdav channel provides that just isn't there at a file system level.

Sorry it's not more positive, and I really hope someone comes forwards to
dispute some/all of what I've just said!

Regards,
-- 
Jon "The Nice Guy" Spriggs
On Feb 20, 2012 5:18 PM, "Advrk Aplmrkt" <avkaplmkt at gmail.com> wrote:

> Wow, I didn't realise this would be so complicated. Would it be any
> different to setup FTPS instead?
>
> I think either SFTP or FTPS access to a user's ownCloud share would be
> a really nice feature!
>
> On 20 February 2012 10:32, Andreas Schneider <asn at cryptomilk.org> wrote:
> > On Monday 20 February 2012 16:09:29 Alexander Skwar wrote:
> >> Hi
> >>
> >> On Mon, Feb 20, 2012 at 15:08, Simon Kainz <simon at familiekainz.at> wrote:
> >> > Hi,
> >> >
> >> > well, do you have already user accounts on the server, maybe with the
> >> > same usernames as the owncloud users?
> >> >
> >> > Problem would be, every user needs a home directory (which would be
> >> > files/username for OC).
> >> >
> >> > Another issue concerning file permissions: In OC (either webdav or via
> >> > Browser upload) files are normally owned by the www-server user, not by
> >> > the user who uploaded the file, this would need some investigation.
> >>
> >> And additionally, users would probably want to use the same password.
> >> If using a mysql backend, one might be able to use pam_mysql. But
> >
> > You can put it together with 20 ugly hacks (introducing 5 security problems
> > in your system) or implement a ssh/sftp server using http://www.libssh.org/ ;)
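
Added example, not part of the original thread: a Python sketch of what a firewall's FTP inspection does with the server's cleartext 227/229 replies, and why it learns nothing once the control channel is wrapped in TLS, as the message above describes. The function names, addresses and sample lines are constructed for illustration.

```python
import re

# Server replies on the FTP control channel that announce a data port.
PASV_RE = re.compile(
    rb"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(rb"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(line, server_ip):
    """Return the (ip, port) a server reply announces, or None."""
    line = line.rstrip(b"\r\n")
    m = PASV_RE.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        port = nums[4] * 256 + nums[5]
        if any(n > 255 for n in nums) or port == 0:
            return None
        return (".".join(map(str, nums[:4])), port)
    m = EPSV_RE.match(line)
    if m:
        port = int(m.group(2))
        # EPSV carries no address; the data port is on the control peer.
        return (server_ip, port) if 0 < port <= 65535 else None
    return None


def pinholes(server_lines, server_ip):
    """Data ports an inspecting firewall can learn for one control session."""
    learned = []
    for line in server_lines:
        ep = data_endpoint(line, server_ip)
        # Design choice in this sketch: only accept announcements that
        # point back at the server the control connection goes to.
        if ep and ep[0] == server_ip:
            learned.append(ep[1])
    return learned


SERVER = "192.0.2.10"  # constructed documentation address
# Constructed cleartext FTP session, server side only.
PLAIN = [b"220 ready\r\n", b"331 password required\r\n", b"230 logged in\r\n",
         b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n",
         b"229 Entering Extended Passive Mode (|||50001|)\r\n"]
# Constructed FTPS session: after AUTH TLS the firewall sees only TLS records.
FTPS = [b"220 ready\r\n", b"234 AUTH TLS ok\r\n",
        b"\x17\x03\x03\x00\x20" + bytes(range(32))]

if __name__ == "__main__":
    print("plain FTP pinholes:", pinholes(PLAIN, SERVER))
    print("FTPS pinholes:     ", pinholes(FTPS, SERVER))
```

With nothing learned from the encrypted session, the firewall has to fall back on a statically opened port range, which is the "high ports" rule the message complains about.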