Name                    Modified     Size       Downloads / Week
old releases            2010-11-02
ChangeLog               2010-12-06   19.7 kB
confused-0.3.1.tar.gz   2010-12-06   551.0 kB
confused-0.3.tar.gz     2010-11-30   550.2 kB
INSTALL                 2010-11-02   11.4 kB
README                  2010-11-02   4.8 kB
Totals: 6 Items                      1.1 MB     0

This is the README file for the ConFUSEd project.

Copyright 2010 Jeffrey A. Kintscher <websurfer@surf2c.net>

-- Licensing

ConFUSEd is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

ConFUSEd is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with ConFUSEd.  If not, see <http://www.gnu.org/licenses/>.

The GNU General Public License can be found in the COPYING file.

-- About

ConFUSEd stands for "Conf Filesystem in USErspace daemon".  It uses the FUSE 
driver to provide a filesystem containing conf files that are dynamically 
generated from a database.  Conf files are files that consist of lines 
containing keys and values in the format 'key=value'.  Each file name, key, 
and value are stored in a 3rd-party database.

Using a database server to serve up conf files is a lot of overhead, but the
following use case explains the motivation for creating the project.

-- Use Case

The Very Secure FTP Daemon, vsftpd, has a mechanism for providing per-user 
configuration options (see the vsftpd.conf man page for details).  When a 
user tries to log in, vsftpd checks a specified directory for a file with the
same name as the user, and then uses any settings contained in the file to
override the same vsftpd.conf settings for that user's FTP session.

It is common to configure vsftpd to use PAM to look up the user names and
passwords in a database.  Combining virtual users with per-user config files 
allows the creation of FTP sites with sophisticated user management.

There is one detail that can cause headaches for system administrators and 
end-users:  the FTP user config files and directory must belong to the same 
system user and group as the vsftpd daemon, which is typically root.root (for 
security reasons).  The permissions for the directory and files are also 
typically set to read/write for root and nothing for everyone else (again, 
for valid security reasons).  However, this means that only someone with 
superuser access can create/modify the FTP user config files.  So, while sys 
admins can easily delegate FTP user creation/deletion/password management to 
trusted database users, the sys admins still have to directly manage the FTP 
user config files.

A scenario that illustrates this problem is an FTP server located at a remote 
office that is managed by IT at the home office, which is several time zones 
away.  The FTP server is primarily used by the remote office to exchange 
files with vendors/customers that are local to them.  A trusted employee at 
the remote office has permission to manage FTP user names and passwords in 
the database, but has to wait for someone in IT at the home office to 
create/modify the per-user config files.  This tends to cause frustration at 
the remote office because the differences in working hours and priorities 
between the two offices can cause the simple task of FTP account changes to 
take a few days.

With ConFUSEd, the contents of the per-user config files can be moved to the 
same database as the FTP user names and passwords.  The mount point for 
ConFUSEd would be set to the user config directory specified in vsftpd.conf.  
When a user tries to log in, vsftpd looks for a file with the same name as the
user in the user config directory and checks the file ownership and 
permissions.  The FUSE driver passes the filesystem requests to ConFUSEd, 
which queries the user (i.e. file) name in the database and, if found, 
returns a directory entry with the correct file name, ownership, and 
permissions.  Vsftpd then opens and reads the file, with ConFUSEd returning 
the file contents queried from the database.

In the scenario above, ConFUSEd allows someone at the remote office to manage 
the FTP users without needing root access or involving someone in IT at the 
home office.
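
An added example (not part of ConFUSEd or vsftpd): a Python audit of the user
config directory, or of the ConFUSEd mount point that presents it, against the
ownership, permission, and 'key=value' expectations described above.  The
function name, the default uid/gid of 0 for root.root, and treating lines
starting with '#' as comments are assumptions.

```python
import os
import stat


def audit_user_config_dir(path, uid=0, gid=0):
    """Return (path, problem) findings for a per-user config directory.

    uid/gid are the owner the FTP daemon expects (assumed root.root = 0:0).
    """
    findings = []

    def check(p, st):
        # The directory and every file must belong to the daemon's user/group.
        if (st.st_uid, st.st_gid) != (uid, gid):
            findings.append((p, f"owner {st.st_uid}:{st.st_gid}, expected {uid}:{gid}"))
        # Nothing for group or other: only the owner may read or write.
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((p, f"mode {mode:04o} grants group/other access"))

    check(path, os.lstat(path))
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        st = os.lstat(full)  # lstat: report symlinks instead of following them
        if not stat.S_ISREG(st.st_mode):
            findings.append((full, "not a regular file"))
            continue
        check(full, st)
        with open(full, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                line = line.strip()
                if not line or line.startswith("#"):  # assumed comment syntax
                    continue
                key, sep, _value = line.partition("=")
                if not sep or not key.strip():
                    findings.append((full, f"line {lineno}: not key=value"))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: run as root with the user config directory as the only argument.
    for p, problem in audit_user_config_dir(sys.argv[1]):
        print(f"{p}: {problem}")
```

An empty result means every entry the directory or mount presents matches the
expected owner and mode and contains only 'key=value' lines.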

-- Configuration

Follow the instructions in the INSTALL file to configure and build ConFUSEd.  
The following command line will configure ConFUSEd with MySQL support, build
the project, and install the files under /usr/local.

./configure --enable-mysql
make
make install

Next, edit the file /usr/local/etc/confused.conf (or wherever you told
configure to install it).  There are descriptions in the file, and executing
"confused --check-conf-file" will have confused verify the contents and exit.

Don't forget to create the required database tables and users (which is
beyond the scope of this document).
Source: README, updated 2010-11-02