Difference between revisions of "FTP Access to Ibays"
m (Changed layout of the note to adhere to this wiki style) |
m |
||
Line 65: | Line 65: | ||
---- | ---- | ||
[[Category:Howto]] | [[Category:Howto]] | ||
+ | [[Category:Administration:Remote Access]] |
Revision as of 18:31, 10 May 2010
FTP Access to Ibays
Applies to: SME 7.1.3 / smeserver-remoteuseraccess 1.2-12
References: Lots of helpful posts
Author: mmccarn
- Updated: 6/5/07
Objective
Allow chroot'ed access to a single ibay for a specific non-admin user.
Procedure
Install the smeserver-remoteuseraccess contrib
yum --enablerepo=smecontribs install smeserver-remoteuseraccess signal-event post-upgrade; signal-event reboot
Create a security group for the target user and ibay
Using server-manager:Collaboration:Groups:
- create a new 'Group' for your user and ibay (for example "ibaygroup")
Create the target user, adding him/her to the group created above
Using server-manager:Collaboration:Users
- create a new user (for example 'ibayuser')
During creation
- select the group created above under 'Group Membership'
After creation
- 'modify' your new user and set a password
Create the target ibay, granting read and write access to the group created above
Using server-manager:Collaboration:Information bays
- create a new ibay (for example 'ibay')
- Set the "Group" to the group you created above
- Set "User access via file sharing or user ftp" to "Write=group, Read=group"
- Set "Public access via web or anonymous ftp" to "Entire Internet (password required)"
Configure the SME ftp service for public access using password authentication
Using server-manager:Security:Remote Access
- set "FTP access" to "Allow public access (entire Internet)"
- set "FTP password access" to "Accept passwords from anywhere"
Configure chroot access using smeserver-remoteuseraccess
Using server-manager:Security:User Remote Access (new panel installed above)
- select the user created above
- select the desired chroot path in "Select Chroot Path". The pull-down menu will include all ibays plus links to both <ibayname>/files and <ibayname>/html.
If you only want users to be able to access an online ftp file store, select <ibayname>/files. If you want users to be able to update the html documents for <ibayname>, select <ibayname>/html. If <ibayname> has "Execution of dynamic content (CGI,PHP,SSI)" enabled, you probably want to select <ibayname> so that users can upload files to both <ibayname>/html and <ibayname>/cgi-bin.
Security Implications
- ftp passes usernames and passwords over the internet in plain text; therefore, enabling ftp access from the internet using passwords is a security risk.
- I am unaware of any security impact simply from installing smeserver-remoteuseraccess, but almost everything you can do with it does have a potential impact on your server's security.
- I don't know if groups are added to /etc/ftpusers by design or by accident. If by design, there is probably a security implication in allowing group access to your FTP sites other than the obvious one (the more people who can access your server insecurely, the worse your security).