OpenSSH GSoC Project

Ben Lindstrom mouring at eviladmin.org
Thu Mar 26 02:07:17 EST 2009


On Mar 25, 2009, at 2:48 AM, Salvador Fandino wrote:

>>> - implement fine grained access control for the SFTP server, limiting
>>> which SFTP operations are available (for instance, forbidding directory
>>> reading).
>>
>> The file permissions should be access control.  Having yet another layer
>> on top of it is silly.  The only valid argument ftp has for doing such
>> garbage is they support an "anonymous" mode where it isn't a real user.
>
> That's like saying that firewalls are useless because access control
> can be performed at the service level


> Being able to establish policies from a central point would be a real
> advantage.

                              
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

You just gutted your argument right there and you are agreeing with my
above comment. The "central point" for establishing policies is your
filesystem and not the sftp-server.  The sftp-server is a one-off
method for file access (same with scp, ftp, rcp, http, samba, nfs, or
any other "file access" protocol), because it isn't the central
source of truth but only an additional restriction control for a
single access point.  By putting the restrictions in sftp-server you
break the concept of setting policies in one spot and now have to go
through two layers of "filesystem"-like properties to figure out what
is going on.

- Ben 

