Setting up a server dedicated to the exchange of large files


Download:

All the files are available together in one archive HERE (all scripts are GPL v3).

Prerequisite:

You do not need a state-of-the-art server. A machine with a dual-core (or quad-core) CPU, 4 GB (or more) of RAM and a large hard disk of 1.5 to 2 TB (RAID 5, or a minimum of 3 hard disks) is sufficient. The operating system is Linux, of course.

The server must be secured, because it is visible to the whole Internet: keep the OS and all security tools (antivirus, anti-rootkit, etc.) up to date. Ideally, the server is dedicated solely to this task, which simplifies the firewall rules.

The MySecureShell package must be installed on the server (the installation is very well explained on its site), together with an open-source SSH server such as OpenSSH.

MySecureShell configuration is simple: there is only one (well commented) file, sftp_config, in the SSH service directory /etc/ssh/.

For our case, the configuration takes a few lines (adapt them to your needs):

<Default>
    # home directory of each user; $USER is replaced by the login name
    Home /home/$USER
    # the user cannot leave their home directory
    StayAtHome true
    # the home directory is presented as the root of the tree (virtual chroot)
    VirtualChroot true
    # maximum simultaneous connections per user
    LimitConnectionByUser 10
    # maximum simultaneous connections per source IP address
    LimitConnectionByIP 10
    # hide files and directories the user has no right to access
    HideNoAccess true
    # do not show hidden (dot) files
    IgnoreHidden true
    # disconnect after 300 seconds of inactivity
    IdleTimeOut 300
</Default>

All users must install an FTP or SFTP client (supporting SSH) on their machine. The FTP client FileZilla is multiplatform (Windows, Mac, Linux) and can be downloaded at:
http://filezilla-project.org/download.php?type=client

There is also a "portable" version (Windows only), a single executable that lets you use FileZilla without installing it on the computer at hand:
http://filezilla-portable.softonic.fr

DESCRIPTION

I use the term "permanent user" for people staying in the laboratory for more than 6 months (researchers, PhD students, ITA). The others are called "non-permanent".

The server is the exchange platform for all users, permanent or not. Depending on the category a person falls into, a set of rights is allocated to them.

The permanent account has the advantage of not being limited in time, and of being allowed to browse the directories of all other users (permanent or not). A non-permanent user, on the other hand, works only in his own directory and does not see the other users' directories. Some would argue that OpenSSH alone can do this kind of thing. That is true, but MySecureShell offers a granularity and flexibility in the rights of each user that OpenSSH does not (yet?) have.

Characteristics of different accounts:

-> For permanent users:
No expiry date for file hosting,
4 GB max per file (a reasonable limit),
Disk space: XXX GB max (depends on your hard disk),
Security: SSH + SFTP.

-> For visitors:
Account valid for 30 days (can be extended on request),
4 GB max per file (a reasonable limit),
Disk space: XXX GB max (depends on your hard disk),
Security: SFTP only.
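The per-category rights described above can be expressed directly in sftp_config with group sections. The fragment below is an added example, not the configuration from the original page: it assumes two Unix groups, permanents and visiteurs (names chosen here), and only uses the directives already present in the page's <Default> block plus MySecureShell's <Group> sections.

```text
# Added example for /etc/ssh/sftp_config (not the original page's configuration).
# Assumed Unix groups: "permanents" and "visiteurs".

<Default>
    # Safe baseline for everyone, including accounts in neither group:
    # confined to their own directory, which is shown as the root of the tree.
    Home /home/$USER
    StayAtHome true
    VirtualChroot true
    LimitConnectionByUser 10
    LimitConnectionByIP 10
    HideNoAccess true
    IgnoreHidden true
    IdleTimeOut 300
</Default>

<Group permanents>
    # Permanent users: the root of their view is /home, so they can browse
    # the login directories of all other users (permanent or not), but
    # nothing above /home is reachable.
    Home /home
    StayAtHome false
    VirtualChroot true
</Group>

<Group visiteurs>
    # Non-permanent users keep the Default confinement; tighter limits,
    # since these accounts are short-lived and shared with one permanent user.
    LimitConnectionByUser 2
    IdleTimeOut 180
</Group>
```

MySecureShell only narrows what an SFTP session may see. Whether a permanent user can actually read or write inside another user's directory is still decided by the ordinary Unix permissions on /home/<user>; HideNoAccess merely hides the entries those permissions forbid, so the directory modes have to be set consistently with the rights you intend to give.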

Example:

User A deposits documents in his or her login directory. User B retrieves the document from user A's directory. Notifying that the document has been deposited, and that it has actually been retrieved, is not handled by the server. Likewise, the server does not reveal the name of the login directory: it is up to the users to communicate it. Similarly, if B wants to make files available to A, B deposits them only in B's own login directory.

Of course, creating a non-permanent account (script admin_users) can only be done at the request of a permanent member of the lab, via the system admin. When a non-permanent account is created, by default it is valid for only 30 days (after this period it is automatically locked, not deleted!). This period can nevertheless be adjusted, both at creation (script admin_users_non_permanent) and after the account has been created (script gestion_compte_users). Once the account is created, an email (in French or English) containing the account's login and password is sent to both the non-permanent and the permanent user. Unlike the previous example, with this account the transfer can take place in both directions.

Advantages of this solution:

- Documents stay on your own server (better privacy), not hosted by a third party (cloud, ...).

- The server's antivirus (which you have installed, of course) scans every document that passes through: better security.

- Low visibility on the Web (no web server such as Apache that could be attacked).

Disadvantages of this solution:

- No notification of document availability.

- The solution requires some familiarity with file transfer using an FTP client.

- The solution is less "user friendly" than other free solutions, which are however limited in file size and retention time.

Notes:

- The examples may change depending on how much freedom you give to each user account.

- Documents sent can be encrypted by the users themselves.

- The script verif_comptes_verrouilles is run by cron every day. It checks whether any account has become locked; if so, an email is sent to the lab admin to notify them.
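The account lifecycle described in the DESCRIPTION section (a visitor account valid for 30 days that is locked, not deleted, when it expires) and the daily cron check above can both be implemented with standard shadow-utils. The script below is an added example, not the page's admin_users_non_permanent or verif_comptes_verrouilles scripts; it assumes Linux with useradd, GNU date, mail(1), and MySecureShell installed at /usr/bin/MySecureShell. The locked-account check is written as pure text processing over /etc/shadow-format lines, so it is demonstrated here on a constructed sample rather than on the real file.

```shell
#!/bin/sh
# Added example: a minimal stand-in for the page's admin_users_non_permanent
# and verif_comptes_verrouilles scripts (this is not their code). It creates a
# visitor account that expires, and detects accounts whose expiry has passed.
# Assumptions: Linux with shadow-utils (useradd) and GNU date, MySecureShell
# installed at /usr/bin/MySecureShell, mail(1) available for the notice.

MSS_SHELL=/usr/bin/MySecureShell   # assumed path of the MySecureShell binary
ADMIN_MAIL=admin@example.org       # placeholder address for the lab admin

# Day number (days since the Unix epoch) N days from now. /etc/shadow keeps
# the account expiry date (field 8) in this unit, so no date parsing is needed.
days_from_now() {
    echo $(( $(date +%s) / 86400 + $1 ))
}

# Create a non-permanent account. useradd -e makes login impossible after
# the date, but the account and its files are kept, as described on the page.
# Needs root; it is defined here but not run.
create_visitor_account() {
    user=$1
    days=${2:-30}                          # 30 days by default, adjustable
    expiry=$(date -d "+$days days" +%F)    # GNU date; useradd wants YYYY-MM-DD
    useradd -m -d "/home/$user" -s "$MSS_SHELL" -e "$expiry" "$user" &&
        echo "created $user (SFTP only via MySecureShell), expires $expiry"
}

# Read /etc/shadow-format lines on stdin and print every account whose
# expiry day (field 8) is set and is not after day $1. Accounts without an
# expiry (permanent users) are skipped.
find_expired_accounts() {
    awk -F: -v today="$1" '$8 != "" && $8 + 0 <= today + 0 { print $1 }'
}

# Daily cron body: mail the admin the list of accounts now locked by expiry.
report_expired_accounts() {
    expired=$(find_expired_accounts "$(days_from_now 0)" < /etc/shadow)
    [ -n "$expired" ] && printf '%s\n' "$expired" |
        mail -s "SFTP visitor accounts now locked" "$ADMIN_MAIL"
}

# Constructed sample in /etc/shadow format (not real data): a permanent
# account with no expiry, a visitor past expiry and a visitor still valid.
SAMPLE_SHADOW='alice:$6$salt$hash:15700:0:99999:7:::
bob:$6$salt$hash:15700:0:99999:7::15730:
carol:$6$salt$hash:15790:0:99999:7::15820:'

# Taking "today" as day 15800, only bob is reported.
printf '%s\n' "$SAMPLE_SHADOW" | find_expired_accounts 15800
```

Run report_expired_accounts from a daily root cron entry to get the same notice the page describes. The check keys on the expiry date only: an account locked by other means (passwd -l puts a "!" in front of the password hash in field 2) would need a separate test on that field.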

 

Page updated on 10/04/2012