I have a couple employees that aren't experienced with the Linux shell. Is is possible for them, on their Macs, to be able to open a remote connection with our servers(with Finder or otherwise), browse the files, then open a file, say /etc/ssh/sshd_config, with their local editor, modify it, then when they save it saves it on the remote side?
Asked
Active
Viewed 1,948 times
0
-
Do *panic* and such a *transmit* becomes easy... – Sven Mar 08 '13 at 00:07
-
1You could set up a CIFS or AFP share on the server and then they could mount the appropriate filesystem using "Connect to server..." in the Finder. – larsks Mar 08 '13 at 00:21
-
I like that idea larsks, I'll start working in that direction. – Safado Mar 08 '13 at 05:56
1 Answers
2
Yes & no & why? When you say:
…browse the files, then open a file, say /etc/ssh/sshd_config, with their local editor, modify it, then when they save it saves it on the remote side?
Well, the sshd_config is a fairly deep system file. And any user editing that would need root access or placed in the sudoers. So why would you want folks who you say “aren't experienced with the Linux shell” to have such deep access in such a casual way?
Assuming you are confident this needs to be done, the users need to be given sudo and sftp access. Then they could just use any FTP program to setup an SFTP connection, maneuver to the files they need to edit & the job is done.
But that is really a bad way to handle access, privileges & permissions. And the scenario you describe is absolutely horrendous from a security standpoint.
But then again, where are they accessing from? Outside of a closed network? Remotely from home? Maybe if this were in an Intranet then this would not be so bad. You could even setup AFP or Samba access. But if you are talking about folks accessing a secured server across a distance, AFP an Samba are horrible choices because they are protocols that thrive in low-latency (ie: fast/no-delay) environments. SFTP is the only choice.
Giacomo1968
- 3,542
- 27
- 38
-
Well, the whole sshd_config was a hypothetical. The files that need to be edited are non system files that are owned by the user that they'd be authenticating as. But your suggestion of using an SFTP client is almost there. It would be ideal to remove the extra steps of transferring the file back forth before and after editing it. – Safado Mar 08 '13 at 06:03
-
You don’t have to transfer files back & forth with SFTP. Just open an SFTP connection with an FTP tool like `Fetch`, `CyberDuck` or `Transmit`, choose the file that has to be edited & all programs allow that file to be edited in place with editors local to a users Mac like `TextEdit` or `BBEdit`. – Giacomo1968 Mar 08 '13 at 12:39
-
1