Menu

Tree [bbb1dd] default tip /
 History

Read Only access


File Date Author Commit
 doc 2010-11-08 Jeffrey A. Kintscher Jeffrey A. Kintscher [83f48d] Move the database open and close calls from the...
 gnulib 2010-11-01 Jeffrey A. Kintscher Jeffrey A. Kintscher [1b3429] Remove a file from soure control that shouldn't...
 man 2010-11-30 Jeffrey A. Kintscher Jeffrey A. Kintscher [51a769] Fix some idle connection timer bugs.
 src 2010-12-06 Jeffrey A. Kintscher Jeffrey A. Kintscher [58c096] Disable the idle connection timer when building...
 .hgtags 2010-12-06 Jeffrey A. Kintscher Jeffrey A. Kintscher [bbb1dd] Added tag release 0.3.1 for changeset 8d47193be72c
 AUTHORS 2010-09-28 Jeffrey A. Kintscher Jeffrey A. Kintscher [6170da] Change the project name from ConFUSE to ConFUSEd.
 COPYING 2010-09-27 Jeffrey A. Kintscher Jeffrey A. Kintscher [b3e0b4] Add --enable-mysql option to configure script.
 ChangeLog 2010-11-30 Jeffrey A. Kintscher Jeffrey A. Kintscher [647218] Update Changelog for release 0.3
 INSTALL 2010-11-02 Jeffrey A. Kintscher Jeffrey A. Kintscher [74944f] Add configuration instructions to the INSTALL f...
 Makefile.am 2010-11-20 Jeffrey A. Kintscher Jeffrey A. Kintscher [13b1a7] Add PostgreSQL support.
 NEWS 2010-09-28 Jeffrey A. Kintscher Jeffrey A. Kintscher [bb33a8] Remove the foreign flag from automake and add t...
 README 2010-10-29 Jeffrey A. Kintscher Jeffrey A. Kintscher [e1e428] Fix configure.in so that the project will build...
 arg-nonnull.h 2010-09-23 Jeffrey A. Kintscher Jeffrey A. Kintscher [70710d] Add stdint from Gnulib.
 c++defs.h 2010-09-23 Jeffrey A. Kintscher Jeffrey A. Kintscher [70710d] Add stdint from Gnulib.
 configure.in 2010-12-06 Jeffrey A. Kintscher Jeffrey A. Kintscher [8d4719] Set the version number to 0.3.1
 confused.conf 2010-11-29 Jeffrey A. Kintscher Jeffrey A. Kintscher [1c3cb0] Make the idle connection timer configurable in ...
 fdl-1.3.txt 2010-09-30 Jeffrey A. Kintscher Jeffrey A. Kintscher [f3f2de] Add free documentation license.
 warn-on-use.h 2010-09-23 Jeffrey A. Kintscher Jeffrey A. Kintscher [70710d] Add stdint from Gnulib.

Read Me

This is the README file for the ConFUSEd project.

Copyright 2010 Jeffrey A. Kintscher <websurfer@surf2c.net>

-- Licensing

ConFUSEd is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

ConFUSEd is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with ConFUSEd.  If not, see <http://www.gnu.org/licenses/>.

The GNU General Public License can be found in the COPYING file.

-- About

ConFUSEd stands for "Conf Filesystem in USErspace daemon".  It uses the FUSE 
driver to provide a filesystem containing conf files that are dynamically 
generated from a database.  Conf files are files that consist of lines 
containing keys and values in the format 'key=value'.  Each file name, key, 
and value are stored in a 3rd-party database.

Using a database server to serve-up conf files is a lot of overhead, but the 
following use case explains the motivation for creating the project.

-- Use Case

The Very Secure FTP Daemon, vsftpd, has a mechanism for providing per-user 
configuration options (see the vsftpd.conf man page for details).  When a 
user tries to login, vsftpd checks a specified directory for a file with the 
same name as the user,  and then uses any settings contained in the file to 
override the same vsftpd.conf settings for that user's FTP session.

It is common to configure vsftpd to use PAM to lookup the user names and 
passwords in a database.  Combining virtual users with per-user config files 
allows the creation of FTP sites with sophisticated user management.

There is one detail that can cause headaches for system administrators and 
end-users:  the FTP user config files and directory must belong to the same 
system user and group as the vsftpd daemon, which is typically root.root (for 
security reasons).  The permissions for the directory and files are also 
typically set to read/write for root and nothing for everyone else (again, 
for valid security reasons).  However, this means that only someone with 
superuser access can create/modify the FTP user config files.  So, while sys 
admins can easily delegate FTP user creation/deletion/password management to 
trusted database users, the sys admins still have to directly manage the FTP 
user config files.

A scenario that illustrates this problem is an FTP server located at a remote 
office that is managed by IT at the home office, which is several time zones 
away.  The FTP server is primarily used by the remote office to exchange 
files with vendors/customers that are local to them.  A trusted employee at 
the remote office has permission to manage FTP user names and passwords in 
the database, but has to wait for someone in IT at the home office to 
create/modify the per-user config files.  This tends to cause frustration at 
the remote office because the differences in working hours and priorities 
between the two offices can cause the simple task of FTP account changes to 
take a few days.

With ConFUSEd, the contents of the per-user config files can be moved to the 
same database as the FTP user names and passwords.  The mount point for 
ConFUSEd would be set to the user config directory specified in vsftpd.conf.  
When a user tries to login, vsftpd looks for a file with the same name as the 
user in the user config directory and checks the file ownership and 
permissions.  The FUSE driver passes the filesystem requests to ConFUSEd, 
which queries the user (i.e. file) name in the database and, if found, 
returns a directory entry with the correct file name, ownership, and 
permissions.  Vsftpd then opens and reads the file, with ConFUSEd returning 
the file contents queried from the database.

In the scenario above, ConFUSEd allows someone at the remote office to manage 
the FTP users without needing root access or involving someone in IT at the 
home office.

-- Configuration

Follow the instructions in the INSTALL file to configure and build ConFUSEd.  
The following comand line will configure ConFUSEd with MySQL support, build 
the project, and install the files under /usr/local.

./configure --enable-mysql
make
make install

Next, edit the file /usr/local/etc/confused.conf (or whever you told 
configure to install it).  There are descritpions in the file, and xecuting "confused --check-conf-file" will have confused verify the contents and exit.

Don't forget to create the required database tables and users (which is beyond the scope of this documnet).
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.