eno2001's Journal: ASK [/.]: Internet File Sharing

Where I work, the graphics dept has the need to be able to make files available to and retrieve files from clients who interact with them. Some of the clients are internal and others are external to the organization. They used to use e-mail,but our mail server chokes when we go above 16 meg attachments, not to mention the recipient's mail server. (That's another story and thankfully will be ending this year when we migrate to Zimbra) They now want to be able to ship around files in the 64-256 meg range, so e-mail is definitely out.

I suggested FTP, but the problem is that they won't have clients who are coming from known IPs, so I can't limit the FTP server to only accept connections from a range of IPs. The other option I thought of was to use FTP for them to place the files on the server and then HTTP for the clients to pull the files down "anonymously". But... there are times when those files may be sensitive. So that's out too. It sounds like we want the client to be able to have un/pw combos to log in and retrieve only THEIR files.

Here's where I'm left scratching my head. I can deal with setting up and FTP server for them. I can also deal with setting up a web server. But the IT dept can't deal with a constantly rotating set of un/pw combos as the graphics dept needs them. So, the real question is whether or not there is a way for the graphics dept to hit the system and generate accounts as needed. Preferably something that already exists in terms of internet file sharing on Linux.

The ideal would be:
1. An FTP server (I'll probably be using Gentoo with PureFTPD)
2. A web server (Likely Apache)
3. A web interface to manage the FTP users that I can feel comfortable letting the end-users deal with (this is the "pie in the sky" part I know) the creation/deletion/pw changing for FTP accounts only

Has anyone seen anything like this? How well/poorly did it work? Is this an insane idea? (I happen to think it is, but I work in an insane place with insane requests)

File Sharing

[ratboy666]

A good solution is to use https:

Set up Apache with a list of user names and passwords. This can be updated via a CGI script. If needed make a link on an http: page to point to the new page. Create a certificate for the https: and get it going. Make sure that the file content is not available outside of the https: side.

The CGI script can also be used to update FTP passwords.

Chacham

[Captain Splendid]

constantly rotating set of un/pw combos

Umm, maybe I missed something, but anything that requires a steady, unending stream of new un/pw is doomed to be highly frustrating. Wouldn't it be simpler just to set up a few groups instead?

Re:

[eno2001]

Hehehe... you nailed it. Where I work all of the end-user requests are highly frustrating. I might just go the https route that ratboy666 suggested.

LDAP Authentication

[a.koepke]

I would have a look at setting up LDAP authentication. A lot of ISPs use this for their systems, it is also what Active Directory is based on. Most decent FTP server programs support LDAP authentication, as does Apache. The best thing is that you can setup a web-based frontend to LDAP to easily allow them to create and remove accounts. It seems like the perfect solution to this problem.