[IMC-Tech] Request for "awarexfr" account for updating AWARE web site -- either FTP or sftp access

Stuart Levy slevy at ncsa.uiuc.edu
Sun Dec 17 12:05:03 CST 2006


Hello all,

It appears that the blogger.com route for updating the AWARE web site
(http://www.anti-war.net/), hosted on zeco, hasn't been working for a while.

I guess the old imsahp had a special account, "awarexfr",
which allowed chrooted FTP access to a single directory
"/var/www/aware/awarexfr", where the blogger.com software
knew to update a single file, aware-annc.html.

I'm writing to request creating a new "awarexfr" account.
It could allow either FTP access if you like (though I see that zeco
isn't running an FTP server now) or "sftp" access.

Security impact: the password to the awarexfr account would be known in
a hidden place on blogger.com.  (This was true before, too.)

In this respect, allowing chrooted FTP access might even be more
secure than allowing sftp; if somehow the password leaked out,
an FTP user would only be able to see or change the AWARE web site,
while a normal sftp user could read any publicly-readable file on zeco.

I see that chrooted sftp is possible (see chrootssh.sourceforge.net,
with patches for OpenSSH's session.c file) but it'd need to be set up,
and would need to replace zeco's installed sshd/sftp-server.
If you like this idea, I'd be happy to build the pieces if someone
else would install them.

If I were sysadmin, I'd vote for plain chrooted FTP for this case,
with the FTP server configured to allow only the "awarexfr" account
to log in.

Anyway, the request:

     new account "awarexfr"

     member of   "aware"   group

     home dir    "/var/www/aware/awarexfr"  (which already exists; no dot-files needed)

     shell might be "/usr/libexec/sftp-server" if sftp sounds best,
		else "/bin/sh"

     password:  please let me (slevy at ncsa.uiuc.edu) know if you're doing this
		and we can communicate a password by phone.

Thanks.

    Stuart Levy, AWARE webmaster
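
Added example, not part of the original message: later OpenSSH releases gained built-in chroot support for sftp, so the confinement discussed above can be written in a stock sshd_config without patching session.c. The account name and paths are taken from the message; using /var/www/aware as the chroot root, and its ownership, are assumptions.

```conf
# /etc/ssh/sshd_config fragment (added example; not from the original message)

# Weak form, as in the request: login shell set to /usr/libexec/sftp-server
# with no chroot. A leaked password then allows reading any publicly
# readable file on the host.

# Confined form: use the in-process SFTP server, so the chroot needs no
# binaries or shared libraries inside it.
Subsystem sftp internal-sftp

Match User awarexfr
    # Assumption: /var/www/aware is the chroot root. sshd requires every
    # component of this path to be owned by root and not writable by group
    # or others, so uploads go to the awarexfr/ subdirectory, which the
    # account itself may own.
    ChrootDirectory /var/www/aware
    # Ignore the account's login shell and any command the client requests.
    ForceCommand internal-sftp
    # Limit what a leaked password is worth: no forwarding, no terminal.
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTTY no
```

With this in place the account sees /var/www/aware as "/", which matches the exposure described for chrooted FTP: only the AWARE web tree is visible, and writes are limited by file permissions inside it.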

