Closed amschaal closed 7 years ago
It seems that the only way around this is not to symlink things outside the root share directory! :(
Considering extending pyftpdlib (and dumping proftpd) to handle authentication, authorization, and setting of home directory. I can then override the "validpath" method to allow a whitelist of directories, which will permit symlinks to be safely followed. https://github.com/giampaolo/pyftpdlib/blob/master/pyftpdlib/filesystems.py
Also, it will be necessary to create an authorizer: https://github.com/giampaolo/pyftpdlib/blob/4dea0a7b46cdd13821e15b48f599d70e3bf93b3e/pyftpdlib/authorizers.py overriding validate_authentication and get_home_dir.
The downside of pyftpdlib is that it uses FTPS, which can create some firewall issues: http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html
It would be better, if possible, to implement SFTP. The most popular library in Python that might be leveraged would be paramiko: https://github.com/paramiko/paramiko
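Implementing our own SFTP/FTP server will allow users to use their normal username/password. This will need to go in the authentication part of the server:

```python
from django.contrib.auth import authenticate

# username/password are the credentials supplied by the connecting client
user = authenticate(username=username, password=password)  # None if the credentials are invalid
```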
The Paramiko based SFTP server has been working fine. Closing this.
Unable to traverse/download directories/files that are symlinked. The SFTP user is chrooted to the share directory, and so cannot see linked directories if they are absolute or outside the jailed directory: http://www.proftpd.org/docs/howto/Chroot.html
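The whitelist check discussed in this thread, as an added example that is not code from the issue or from pyftpdlib: a path is accepted only if, once symlinks are resolved, it lies under the share root or under an explicitly allowed directory. The names `is_path_allowed` and `demo` and the directory layout are assumptions constructed for illustration; in a pyftpdlib `AbstractedFS` subclass the overridden `validpath(self, path)` could return the result of this check against `self.root`.

```python
import os
import tempfile


def is_path_allowed(path, root, allowed_dirs=()):
    """True if `path`, with symlinks resolved, is under `root` or a whitelisted dir."""
    real = os.path.realpath(path)
    for base in (root, *allowed_dirs):
        base_real = os.path.realpath(base)
        try:
            # commonpath compares whole components, so "/srv/share-other"
            # is not treated as being inside "/srv/share".
            if os.path.commonpath([real, base_real]) == base_real:
                return True
        except ValueError:  # e.g. paths on different drives
            continue
    return False


def demo():
    """Build a constructed directory tree and check four paths against the whitelist."""
    with tempfile.TemporaryDirectory() as tmp:
        share = os.path.join(tmp, "share")          # the user's jail / home
        data = os.path.join(tmp, "data")            # whitelisted link target
        secret = os.path.join(tmp, "secret")        # not whitelisted
        sibling = os.path.join(tmp, "share-other")  # shares a name prefix with the root
        for d in (share, data, secret, sibling):
            os.mkdir(d)
        for d in (data, secret, sibling):
            open(os.path.join(d, "f.txt"), "w").close()
        os.symlink(data, os.path.join(share, "ok"))
        os.symlink(secret, os.path.join(share, "bad"))
        candidates = {
            "inside_root": os.path.join(share, "new.txt"),
            "link_to_whitelisted": os.path.join(share, "ok", "f.txt"),
            "link_to_other": os.path.join(share, "bad", "f.txt"),
            "prefix_sibling": os.path.join(sibling, "f.txt"),
        }
        return {k: is_path_allowed(p, share, [data]) for k, p in candidates.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allow' if ok else 'deny'}")
```

The check resolves the path at validation time, so the server should open the resolved path it validated rather than re-resolving the original name afterwards.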