Secure File Upload

Tom Hukins tom at
Fri Nov 13 03:48:11 PST 2009

On Fri, Nov 13, 2009 at 10:02:22AM +0100, Jan Henning Thorsen wrote:
> What about writing a catalyst app, which has an flash uploader /
> file manager as frontend toward the user?

That requires development and maintenance effort that I'd rather
avoid.  Currently, the httpd only serves static content.

> Is this required to be a closed system? If not, maybe you use ubuntu
> one or dropbox to sync the files between the different computers...

That's the kind of creative thinking I had hoped for when I asked the
question.  If I find something like Dropbox with an open API, the
uploader can use a friendly Windows tool and I can write a little Perl
script or use a CPAN module.

I doubt Dropbox itself will work for me as they don't provide binaries
that will run on my system, but they seem to have several competitors.

On Fri, Nov 13, 2009 at 11:35:50AM +0000, Robbie Bow wrote:
> 2009/11/12 Tom Hukins <tom at>:
> > 1) Make the process as easy as possible for the uploader
> > 2) Reduce the risk to my system, should the account become compromised
> > 3) Reduce the chance of making the account compromised (encryption)
> >
> The lazy web suggests adding /path/to/openssh/sftp-server to
> /etc/shells, making that the shell for the user, and then they can
> only run SFTP commands, so any attempt at shell access will be
> useless.

Thanks, this almost does the job perfectly.  But the user, or someone
who compromises the account, has read access to the entire file system
so it doesn't completely solve issue 2.

Bob has just pointed out on IRC that recent OpenSSH releases support
native chrooting with a little configuration:

Happy Tom

More information about the MiltonKeynes-pm mailing list