ConFUSEd Code
Status: Beta
Brought to you by:
websurfer2c
This is the README file for the ConFUSEd project.

Copyright 2010 Jeffrey A. Kintscher <websurfer@surf2c.net>

-- Licensing

ConFUSEd is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

ConFUSEd is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with ConFUSEd. If not, see <http://www.gnu.org/licenses/>.

The GNU General Public License can be found in the COPYING file.

-- About

ConFUSEd stands for "Conf Filesystem in USErspace daemon". It uses the FUSE driver to provide a filesystem containing conf files that are dynamically generated from a database. Conf files are files that consist of lines containing keys and values in the format 'key=value'. Each file name, key, and value are stored in a 3rd-party database. Using a database server to serve up conf files is a lot of overhead, but the following use case explains the motivation for creating the project.

-- Use Case

The Very Secure FTP Daemon, vsftpd, has a mechanism for providing per-user configuration options (see the vsftpd.conf man page for details). When a user tries to log in, vsftpd checks a specified directory for a file with the same name as the user, and then uses any settings contained in the file to override the same vsftpd.conf settings for that user's FTP session. It is common to configure vsftpd to use PAM to look up the user names and passwords in a database. Combining virtual users with per-user config files allows the creation of FTP sites with sophisticated user management.

There is one detail that can cause headaches for system administrators and end-users: the FTP user config files and directory must belong to the same system user and group as the vsftpd daemon, which is typically root.root (for security reasons). The permissions for the directory and files are also typically set to read/write for root and nothing for everyone else (again, for valid security reasons). However, this means that only someone with superuser access can create/modify the FTP user config files. So, while sys admins can easily delegate FTP user creation/deletion/password management to trusted database users, the sys admins still have to directly manage the FTP user config files.

A scenario that illustrates this problem is an FTP server located at a remote office that is managed by IT at the home office, which is several time zones away. The FTP server is primarily used by the remote office to exchange files with vendors/customers that are local to them. A trusted employee at the remote office has permission to manage FTP user names and passwords in the database, but has to wait for someone in IT at the home office to create/modify the per-user config files. This tends to cause frustration at the remote office because the differences in working hours and priorities between the two offices can cause the simple task of FTP account changes to take a few days.

With ConFUSEd, the contents of the per-user config files can be moved to the same database as the FTP user names and passwords. The mount point for ConFUSEd would be set to the user config directory specified in vsftpd.conf. When a user tries to log in, vsftpd looks for a file with the same name as the user in the user config directory and checks the file ownership and permissions. The FUSE driver passes the filesystem requests to ConFUSEd, which queries the user (i.e. file) name in the database and, if found, returns a directory entry with the correct file name, ownership, and permissions.
Vsftpd then opens and reads the file, with ConFUSEd returning the file contents queried from the database.

In the scenario above, ConFUSEd allows someone at the remote office to manage the FTP users without needing root access or involving someone in IT at the home office.

-- Configuration

Follow the instructions in the INSTALL file to configure and build ConFUSEd. The following commands will configure ConFUSEd with MySQL support, build the project, and install the files under /usr/local.

    ./configure --enable-mysql
    make
    make install

Next, edit the file /usr/local/etc/confused.conf (or wherever you told configure to install it). There are descriptions in the file, and executing "confused --check-conf-file" will have confused verify the contents and exit.

Don't forget to create the required database tables and users (which is beyond the scope of this document).
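
A check of the properties the Use Case section relies on, as an added example that is not part of the ConFUSEd project: it walks a per-user config directory (a plain directory or a ConFUSEd mount point) and reports entries whose ownership, permissions, or 'key=value' lines differ from what the README describes. The function name, the root.root defaults, and the treatment of '#' lines as comments are assumptions of this example.

```python
import os
import stat


def audit_user_config_dir(path, uid=0, gid=0):
    """Return a list of findings for a vsftpd per-user config directory.

    uid/gid default to root.root, the typical owner named in the README
    (assumption: pass other values if vsftpd expects a different owner).
    """
    findings = []

    def check_owner_mode(p, st):
        if (st.st_uid, st.st_gid) != (uid, gid):
            findings.append(f"{p}: owner {st.st_uid}.{st.st_gid}, expected {uid}.{gid}")
        mode = stat.S_IMODE(st.st_mode)
        # Any group/other bit breaks "nothing for everyone else".
        if mode & 0o077:
            findings.append(f"{p}: mode {mode:04o} grants group/other access")

    check_owner_mode(path, os.lstat(path))
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        st = os.lstat(full)  # lstat: report symlinks instead of following them
        if not stat.S_ISREG(st.st_mode):
            findings.append(f"{full}: not a regular file")
            continue
        check_owner_mode(full, st)
        with open(full, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                line = line.rstrip("\n")
                if not line.strip() or line.startswith("#"):
                    continue  # blank lines and comments carry no setting
                key, sep, _value = line.partition("=")
                # Require a non-empty key with no surrounding whitespace.
                if not sep or not key or key != key.strip():
                    findings.append(f"{full}:{lineno}: not in key=value form")
    return findings


if __name__ == "__main__":
    import sys
    for finding in audit_user_config_dir(sys.argv[1]):
        print(finding)
```

Run it as root against the directory vsftpd is configured to read, so the files can be opened and the default root.root comparison applies.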