"App" password for SFTP access to volume
-
Hi there !
I'd like like to give access to a volume to a Kodi instance.
What I'm currently doing is using a custom app (https://git.cloudron.io/mehdi/river/), which serves its files with a basic nginx server, and I use the HTTPS feature of Kodi, which basically parses the basic directory views of a few of the most used HTTP servers (basically nginx and apache, I believe, maybe one or two others). This is all authenticated with basic-auth on the app side, so I can just use an app password on Kodi's side.
Now that volumes are a thing, I'm moving my setup towards separate apps which share data through volumes. And I'd like to give Kodi access to the files in question.
One way would be to create an app for that purpose, which serve the volume in question through the same HTTP/nginx thing, but it feels quite "hacky".
A cleaner way would be to be able to create an "app" password that would just give access to the volume only, through SFTP, and plug this into Kodi. However, that's not currently possible.
I think this could also be useful in other scenarios.
Also, side note, I think it would be good security practice to differentiate actual app passwords that allow logging into the app, and SFTP passwords that should only give SFTP access to the app storage. They are currently combined, and while it's convenient, I think it would be better to apply the principle of least privilege and only give necessary access to app passwords.
-
@girish said in "App" password for SFTP access to volume:
I guess we need to first implement SFTP access to volumes first and then implement app passwords for this feature.
Yeah, I may have forgotten about this detail
@girish said in "App" password for SFTP access to volume:
@mehdi Is kodi run outside Cloudron? Is that why you can't just mount the volume into kodi (I have no experience with Kodi).
Yes, Kodi is client-side actually. It doesn't run on a remote server, but on the device where you wanna play your media.
-
@mehdi I think maybe as a first step we can fix the FTP to be able to access not just the app data directory but also the volumes. That way you can then create an app password and then access the volume via FTP. Would that work for you? I put a task in Cloudron 7 to investigate.