Current time: 11-22-2024, 04:02 PM Hello There, Guest! (LoginRegister)


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
reseller with ssh/ftp access
Author Message
maur Offline
Junior Member
*

Posts: 14
Joined: Jan 2010
Reputation: 0
Post: #1
reseller with ssh/ftp access
Hello.

As i saw in wishlist:
"resellers have an ftp login, where all users belonging to him are listed with their homedirs
resellers and users have ssh-shell (allow/disallow by admin for resellers, if allowed, resellers can allow/disalow for users)"

Im still getting knowing isp-cp panel, so i don't know exactly where are the limits in this case.
But Im really interested in helping or writing a modification allowing to setting ssh access.

Anyway.. i wanted to ask i someone maybe knows something more (like couple of technical issues involved in this task/wish) then these 2 lines?
02-03-2010 01:13 AM
Find all posts by this user Quote this message in a reply
maur Offline
Junior Member
*

Posts: 14
Joined: Jan 2010
Reputation: 0
Post: #2
RE: reseller with ssh/ftp access
C'mon.. None of you guys has any idea about permissions of this directory structure?
02-04-2010 03:32 AM
Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #3
RE: reseller with ssh/ftp access
Quote:resellers have an ftp login, where all users belonging to him are listed with their homedirs
Unfeasible right now. Resellers do not have any system user assigned to them, neither ftp logins. This is because each main domain is treated as an individual entity (with it's own user). Nobody else can access their files. Not even the panel.

Quote:resellers and users have ssh-shell (allow/disallow by admin for resellers, if allowed, resellers can allow/disalow for users)

This is mostly a gui and trust issue. If you want a specific user to get shell access, just replace his default shell *and* change her password. Now, they will not be sandboxed/chrooted in any way, so make sure that permissions are correct elsewhere so he doesn't get access to things she shouldn't.
02-04-2010 07:31 AM
Visit this user's website Find all posts by this user Quote this message in a reply
maur Offline
Junior Member
*

Posts: 14
Joined: Jan 2010
Reputation: 0
Post: #4
RE: reseller with ssh/ftp access
(02-04-2010 07:31 AM)kilburn Wrote:  
Quote:resellers have an ftp login, where all users belonging to him are listed with their homedirs
Unfeasible right now. Resellers do not have any system user assigned to them, neither ftp logins. This is because each main domain is treated as an individual entity (with it's own user). Nobody else can access their files. Not even the panel.
Yes, i know. But you have it in wishlist.. so i thought maybe someone have an idea. Add system account to reseller isn't such a problem, but i don't know (yet) how to resolve problem with permissions..

Or wishlist is like "put there a porsche. It's a nice car. I don't know how we can put car into panel, but it's still pretty"?
02-04-2010 08:03 AM
Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #5
RE: reseller with ssh/ftp access
The wishlist is open to everyone and not moderated (except from very obviously malicious messages). You could go there and write "It would be great if the panel calls customers through VoIP when they're over quota, using a synthetized voice from festival". The stuff that we're commited to implement is on the roadmap, not in the wishlist.

What I mean is there are a lot of things in the wishlist that had not been discussed neither between devs nor in the community. As a result, we have no specific plans for these tasks, whereas we are "idle" on others because of technical blockers, etc...

In this case, I can assure you that this specific feature won't make it into the panel anytime soon, because:

1. It would force us to change the current fs layout that is hardcoded on some scripts (hard, bug-prone task).
2. There is no layout that can allow this "reseller has access to all their users' files" thingy without requiring acl support from the fs (something that is bad for performance, some distros doesn't even support and is very difficult to backup).
3. Some people (me at the very least) think that it's just stupid. Resellers can create temporary ftp accounts and access users' files, so there's no need to provide them with direct access everywhere. Additionally, anyone hacking the reseller ftp automatically would gain access to all the users' files, something that can be prevented by maintaining the current setup.

About the shell access feature, I know someone tried to implement it (without chrooting), so try searching the forum for more info / to see if he got something working. About the chrooting... it's a technical blocker: there's no "single solution fits all needs" available right now (I've invested a considerable amount of time analyzing different options) so we would have to either favor one type of users or implement multiple options, and we simply don't have the required dev workforce to do it.
02-04-2010 08:45 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)