"App" password for SFTP access to volume

mehdi

Hi there !

I'd like like to give access to a volume to a Kodi instance.

What I'm currently doing is using a custom app (https://git.cloudron.io/mehdi/river/), which serves its files with a basic nginx server, and I use the HTTPS feature of Kodi, which basically parses the basic directory views of a few of the most used HTTP servers (basically nginx and apache, I believe, maybe one or two others). This is all authenticated with basic-auth on the app side, so I can just use an app password on Kodi's side.

Now that volumes are a thing, I'm moving my setup towards separate apps which share data through volumes. And I'd like to give Kodi access to the files in question.

One way would be to create an app for that purpose, which serve the volume in question through the same HTTP/nginx thing, but it feels quite "hacky".

A cleaner way would be to be able to create an "app" password that would just give access to the volume only, through SFTP, and plug this into Kodi. However, that's not currently possible.

I think this could also be useful in other scenarios.

Also, side note, I think it would be good security practice to differentiate actual app passwords that allow logging into the app, and SFTP passwords that should only give SFTP access to the app storage. They are currently combined, and while it's convenient, I think it would be better to apply the principle of least privilege and only give necessary access to app passwords.

girish

I guess we need to first implement SFTP access to volumes first and then implement app passwords for this feature.

@mehdi Is kodi run outside Cloudron? Is that why you can't just mount the volume into kodi (I have no experience with Kodi).

mehdi

@girish said in "App" password for SFTP access to volume:

I guess we need to first implement SFTP access to volumes first and then implement app passwords for this feature.

Yeah, I may have forgotten about this detail

@girish said in "App" password for SFTP access to volume:

@mehdi Is kodi run outside Cloudron? Is that why you can't just mount the volume into kodi (I have no experience with Kodi).

Yes, Kodi is client-side actually. It doesn't run on a remote server, but on the device where you wanna play your media.

girish

@mehdi I think maybe as a first step we can fix the FTP to be able to access not just the app data directory but also the volumes. That way you can then create an app password and then access the volume via FTP. Would that work for you? I put a task in Cloudron 7 to investigate.

mehdi

@girish Having SFTP access to volumes through the app's SFTP connection would be a good first step, yeah. TBH, I assumed it was already the case

It would work for my usecase, yes.

hendrikvl

As far as I see, this has not been implemented yet. Is there any news on SFTP access for volumes? Either through the apps operator access or separate passwords?

nebulon

Not really, given the low usage of sftp, we haven't focused on that in some time. The webbased filemanager gets more development lately to hopefully be able to further reduce the need for sftp.

girish

@nebulon Maybe we should provide a way for the operator to access the volumes via the File manager ? Maybe a button from the Mounts UI to open the file manager?

hendrikvl

Ok, thanks for the update. Works for me as it is, but was curious if the ideas discussed above are still to be implemented.