Mailinglist Archive: opensuse-security (50 mails)
Re: [suse-security] Create FTP account remotely from web application
  • From: "Andy" <frum@xxxxxxxxx>
  • Date: Wed, 31 May 2006 09:35:42 +0300
  • Message-id: <008701c6847c$712a3340$0b00a8c0@xxxxxxxxx>
Thanks for the quick response.
I also thought of this solution; my problem remains that I should know the
result of user creation.

This user that will be created will belong to a specific group and I have
the bash script that creates it. I thought that I can write a php script
that runs this bash under "higher rights".

What if I create in Apache an http or https link with user authentication
and I put this script there? Of course this script will need to run under
higher privileges. This script will be accessed only from the local LAN so I can
cut off access from all other locations. Will this be secure?

Regards,
Andy.

----- Original Message ----- From: "Ashley Gould" <agould@xxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Tuesday, May 30, 2006 7:30 PM
Subject: Re: [suse-security] Create FTP account remotely from web application


We are doing something kind of similar. A php web app creates a file that
needs to be transferred to another "sftp" server. But no way do I
want user apache to have access to login credentials on the sftp server.
Our hack is a separate user runs a cronjob every 5 minutes to check if
the php app has created the file, and if so, sftp it to the other server
using ssh keys with empty passphrase. Not very elegant, but more secure.

In your case, perhaps a user with sudo rights to create ftp accounts
can poll the webserver for some "make new account" flag that gets set
by your web application.


On Tue, May 30, 2006 at 04:25:03PM +0300, Andy wrote:
Somehow I need to run this script on the local server (where the
application runs) or on the FTP server. Both servers are web servers, so
probably I could make a request to a secured link, where there is a script that
creates users.

I am not sure that this is the best option. It could be a major security
leak.
And if it is... then how to do it?


----- Original Message ----- From: "Peer Stefan" <stefan.peer@xxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Tuesday, May 30, 2006 12:58 PM
Subject: AW: [suse-security] Create FTP account remotely from web
application


Hi Andy,

this looks like you'll need some centralised authentication service. Try
setting up an LDAP server and configure your FTP server to use PAM
authentication with LDAP.
You'll still need to set up a local userid for filesystem permissions
though.

Good luck
Stefan

>From: Andy [mailto:frum@xxxxxxxxx]
>
>Hi to all,
>
>I have a web application from which I need to create some FTP
>accounts on another server.
>Between the servers I can have SSH, FTP or WEB (and some other
>if necessary but I don't think so) access but I don't know
>how to create the "relation" between the web scripts and
>account creation and of course without compromising the
>security of the systems.
>
>I need some advice.
>
>Thanks in advance.
>Andy.
>

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

--

-ashley

Did you try poking at it with a stick?
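
The polling approach suggested in this thread, sketched as an added example (not code from any poster): a cron-run poller under a dedicated account validates each request and writes a result file the web application can read back, which covers the need to know the outcome of user creation. The spool paths, the file naming and the `create-ftp-user` wrapper are assumptions.

```shell
#!/bin/sh
# Added example: poller run from cron by a dedicated account, not by the web server user.
# Assumed layout (hypothetical): the web app writes <id>.req files holding one login
# name into $SPOOL/requests and reads the answer from $SPOOL/results/<id>.result.
LC_ALL=C; export LC_ALL            # make a-z mean ASCII only in the patterns below
SPOOL="${SPOOL:-/var/spool/ftpacct}"
# Hypothetical sudo-allowed wrapper around the existing account-creation script.
CREATE_CMD="${CREATE_CMD:-sudo -n /usr/local/sbin/create-ftp-user}"

# Allow-list check: 3-16 chars, lowercase letter first, then a-z 0-9 _ -
valid_name() {
    case "$1" in
        ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -ge 3 ] && [ "${#1}" -le 16 ]
}

process_requests() (
    mkdir -p "$SPOOL/requests" "$SPOOL/results" || exit 1
    for req in "$SPOOL"/requests/*.req; do
        # The web server user can write here: skip symlinks and the unmatched glob.
        [ -f "$req" ] && [ ! -L "$req" ] || continue
        id=$(basename "$req" .req)
        case "$id" in
            ''|*[!A-Za-z0-9]*) rm -f -- "$req"; continue ;;
        esac
        name=''
        IFS= read -r name < "$req" || true    # first line only, may lack a newline
        if ! valid_name "$name"; then
            status="REJECTED invalid name"
        elif $CREATE_CMD "$name" >/dev/null 2>&1; then
            status="OK"
        else
            status="FAILED exit=$?"
        fi
        # Write then rename, so the web app never reads a half-written result.
        printf '%s\n' "$status" > "$SPOOL/results/$id.tmp" &&
            mv -f -- "$SPOOL/results/$id.tmp" "$SPOOL/results/$id.result"
        rm -f -- "$req"
    done
)

# A cron entry would call: poller.sh --run   (script name is an assumption)
if [ "${1:-}" = "--run" ]; then process_requests; fi
```

The web server account needs write access only to the requests directory and read access to the results directory; it never holds credentials or sudo rights itself.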

