- FTP programs that aren't WinSCP with "environment -> SFTP -> server -> sudo -u tools.novem-bot /usr/lib/sftp-server" configured appear to the user to work, but create some hard-to-track-down bugs because files have the wrong owner. For example I tried using FileZilla Client before I found the tutorial.

My take on this is that Toolforge is unabashedly a linux environment. If there's some incompatibility with a Windows app, that's not toolforge's problem. I log into toolforge with this alias:

alias spi-tools-dev='ssh -t dev.toolforge.org tmux new -A -s spi-tools-dev become spi-tools-dev'

As needed, I set up port tunnels with things like:

alias tunnel='ssh -t dev.toolforge.org -L 23002:localhost:23002 become spi-experiments'

And likewise I can move files in and out with scp. I agree that there's a learning curve to all this ssh stuff (including the associated key management), but hiding that beneath a cPanel veneer just makes it all the more mysterious because you're never really sure what's going on. If you're going to develop in a linux environment, invest the time to learn the linux tools.

Suggested fix: give a separate login for each tool folder, so that you don't have to sudo

Logging in as a person. then gaining some specific additional set of rights with sudo (the "become" utility is really just a thin wrapper around sudo) maintains the appropriate distinction between authentication (who you are) and authorization (what you're allowed to do). If each tool had its own login, then how would multiple people maintain the tool? They'd have to share the password to the account. That's not a good plan.