SME Server:Documentation:Administration Manual:Chapter14

From SME Server
Revision as of 04:29, 12 February 2014 by Wellsi (talk | contribs) (→‎Creating an i-bay)


Information Bays (i-bays)

  Note:
See the SharedFolders contrib: it offers more flexibility on file permissions because it supports ACLs. There are also some additional options in the server-manager panel.

Use with caution: this is not part of a default SME Server install and requires additional setup and configuration changes.


 

Information bays, or i-bays, are a unique feature built into your SME Server. i-bays are a powerful, simple, flexible mechanism for creating distinct information-sharing sites. The network administrator can define several characteristics for each new i-bay they create:

  • write access: the administrator can control access to the i-bay by associating the i-bay with a group. All groups previously created in the groups section of the server manager will appear in the drop-down menu under "group" in this section. In addition, two default groups will always appear - "administrator" and "everyone" (meaning all users, whether on the local network or on the Internet).
  • user access via file-sharing or FTP: The administrator can also control who has the ability to save a file into or modify the contents of the files in the i-bay (write access) and who has the ability to view the contents of the i-bay (read access). The administrator can specify whether the entire group can write to the i-bay or whether the administrator alone has the power to save files to the i-bay. Similarly, the administrator can control whether group members only can read the contents of the i-bay or whether the contents can be read by anyone.
  • password protection: the administrator can specify whether a password is required to access an i-bay from the Internet and what that password will be.


  Note:
If you select Password Required, users who connect to the i-bay via FTP, HTTP or HTTPS will be prompted to supply that particular i-bay's username and password. The user name is always the name of the i-bay and the password is whatever the administrator assigns to that i-bay - not the individual user's password. Note that, as with user accounts, i-bay accounts are locked out by default. If a password is required, users will not be able to access the i-bay until the administrator sets the password.


i-bays are simple to create and manage. The "Information bays" section of the server manager shows all current i-bays, the name of each i-bay and a description of its contents. In this section, you can delete an i-bay (which will delete all contents of the i-bay directory) and, if the i-bay requires a password, you can set it here. As with your user account directory, any i-bay that requires a password will appear in red until that password has been changed from "default" (the i-bay for Samson's Farms in the following image is an example of this).


  Note:
When you create an i-bay, the name may be up to 12 characters long [#4] and may contain only lower-case letters, numbers, periods and underscores. The i-bay name should also start with a lower-case letter. For example, johnson, sales and client3.prj8 are all valid names, while 3associates, John Smith and Bus-Partner are not. Finally, an i-bay cannot use the same name as an existing user or group account. It must be unique. Note that there are two special names, primary and public, which are in use by the system and cannot be used for an i-bay name.


[#4] This 12-character restriction ensures that the i-bay can be shared correctly to all Windows machines.
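
The naming rules in the note above, written as a shell check that can be run before a name is entered in the server manager. This is an added example, not SME Server code; the function name ibay_name_check and the EXISTING_ACCOUNTS list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate a proposed i-bay name against the rules stated above.
# Force the C locale so [a-z] matches only ASCII lower-case letters; in some
# locales a range like [a-z] can also match upper-case characters.
LC_ALL=C
export LC_ALL

# Constructed sample of user and group account names already on the server.
# On a real system this list would come from the existing accounts.
EXISTING_ACCOUNTS="admin jsmith sales_grp"

# ibay_name_check NAME
# Prints "ok" or the first rule that fails; returns 0 only for a valid name.
ibay_name_check() {
    name=$1
    # primary and public are in use by the system.
    case $name in
        primary|public) echo "reserved name"; return 1 ;;
    esac
    # Up to 12 characters, and not empty.
    if [ -z "$name" ] || [ "${#name}" -gt 12 ]; then
        echo "length must be 1-12"; return 1
    fi
    # Must start with a lower-case letter.
    case $name in
        [a-z]*) ;;
        *) echo "must start with a lower-case letter"; return 1 ;;
    esac
    # Only lower-case letters, numbers, periods and underscores.
    case $name in
        *[!a-z0-9._]*) echo "invalid character"; return 1 ;;
    esac
    # Must not duplicate an existing user or group account.
    for acct in $EXISTING_ACCOUNTS; do
        if [ "$acct" = "$name" ]; then
            echo "name already used by an account"; return 1
        fi
    done
    echo "ok"
}

# The valid and invalid names quoted in the note, plus one reserved name.
for candidate in johnson sales client3.prj8 3associates "John Smith" Bus-Partner public; do
    printf '%-14s %s\n' "$candidate" "$(ibay_name_check "$candidate")"
done
```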

i-bay Directories

Each i-bay has three directories - html, files and cgi-bin. Each directory is briefly outlined below:

  • cgi-bin: This directory is set aside to hold "CGI scripts" used for that i-bay's web pages. CGI scripts are tools used in advanced web site creation and are not discussed here.
  • files: This directory holds files that can be accessed either locally only or publicly. It can be used for such things as a company download site, a company-wide file sharing server, or a document sharing site for a specific customer. When someone connects to the i-bay using FTP, they will see the files in this directory.
  • html: When an i-bay is accessed using a web browser (via http), the user will enter the html directory and the web browser will automatically open the index file (usually index.html or index.htm) in that i-bay. In other words, it will display the web page associated with that i-bay. This means you can have different web sites running on your server, each associated with a specific i-bay. This can be very powerful and useful, as you will see in the upcoming examples.


  Warning:
Once a user account, group account, or i-bay has been created, no directory or sub-directory within an i-bay may be created that duplicates one of those names.



  Tip:
Generally, you can think of the html directory as the place to put all files, images and documents that you would like to be accessible through the web. The files directory is for all files that you want people to access through FTP or regular file sharing. Note that you can have as many subdirectories as you wish underneath either html or files but you cannot create additional directories at the top level of the i-bay.



  Note:
If an i-bay is set for no public access via web or anonymous ftp, users connecting to the i-bay through Windows or Macintosh file sharing will see only the contents of the files directory. However, if the i-bay settings are later changed to allow public access through web or anonymous ftp, users will then see the top-level directory of the i-bay with the three subdirectories of html, files and cgi-bin. The items they were used to seeing before will now be found in the files directory.


Accessing the i-bays

You can access the contents of an i-bay using a web browser, Windows file sharing (smb/cifs), or FTP.

  • accessing an i-bay using a web browser (via http or https): To view an i-bay using a browser, enter "www.yourdomain.xxx/i-bayname". For example, the URL for Samson's Farms i-bay is "www.tofu-dog.com/samfarms". Assuming you are entitled to access this i-bay, you will see the index.html page in the html directory in the Samson's Farms i-bay. If a password is required to see the contents of the i-bay, a password dialog box will appear before the contents of the i-bay are served to the web browser.
  • accessing an i-bay via Windows file sharing and smb/cifs: To access the i-bay using Windows file sharing or smb/cifs, simply navigate to the server over your network browser (in Windows, this would be via "Network Neighborhood") and select the i-bay you want to enter from those appearing. You can only access an i-bay in this way if you are on the local network.
  • accessing an i-bay via the FTP server: To access the i-bay using FTP, you use your FTP client to connect to your server and use the i-bay name as the login id. If the i-bay requires a password, you will need to enter the i-bay password as well. If you are using a command-line or graphical FTP client, you will usually be prompted for the login username and password. If you are using a web browser, you will need to enter an FTP URL. This will be in one of the following forms, depending on whether or not a password is required:
 ftp://ibayname@ftp.domainname
 ftp://ibayname:password@ftp.domainname


  Warning:
Be aware that FTP transmits all passwords in the clear without encryption and can therefore be a security risk. If you are concerned about security, we suggest you consider the scp "secure copy" command associated with ssh as an alternative to FTP.


  • Note that users accessing the i-bay via FTP in this manner are not able to upload files to the i-bay. They can only download files from the i-bay to their client.
  • It is possible to upload files using FTP, but to do so you must login to the server with a valid user name, not the i-bay name. That user account must be a member of the group that has been given write permission for the i-bay (configured on the i-bay screen). You would then change to the i-bay directory (using the ftp command "cd ../../ibays/ibayname"). You will now be able to upload files from your FTP client to the appropriate directories.
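
A check for the password-bearing FTP URL form shown above, so that an i-bay password is not published in a page or message on top of being sent in the clear by FTP. This is an added example, not SME Server code; the function name scan_ftp_creds, the sample HTML and the password in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ftp:// URLs that embed a password (the
# ftp://ibayname:password@ftp.domainname form) and print them masked.

# Constructed sample: a page that links to two i-bays over FTP, one with the
# i-bay password embedded in the link and one with the login name only.
SAMPLE_HTML='<p>Order sheet: <a href="ftp://samfarms:Carrot42@ftp.tofu-dog.com/order.html">download</a></p>
<p>Catalogues: <a href="ftp://menus@ftp.tofu-dog.com/">browse</a></p>
<p>Site: http://www.tofu-dog.com/samfarms</p>'

# scan_ftp_creds
# Reads text on stdin. For every FTP URL carrying a password, prints
# "LINE:URL" with the password replaced by ***. Prints nothing when the
# input only contains the password-less form ftp://ibayname@host.
scan_ftp_creds() {
    # grep -n adds the line number, -o keeps only the matched URL prefix
    # (scheme, login, password, host). The login part must not contain ':'
    # or '@', so ftp://menus@host never matches.
    grep -noE 'ftp://[^:@/[:space:]"<>]+:[^@/[:space:]"<>]+@[^/[:space:]"<>]+' |
        # Mask everything between the first ':' after the login and the '@'.
        sed -E 's#(ftp://[^:@]+:)[^@]+@#\1***@#'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_HTML" | scan_ftp_creds
```

To check a real file, redirect it into the function, for example `scan_ftp_creds < index.html`.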

In the next few sections, we will take a look at some examples of i-bays that have been created by our hypothetical catering and event-planning company, The Pagan Vegan, to demonstrate their capabilities.

Creating an i-bay

No matter how you are going to use an i-bay, the process of creating an i-bay starts by clicking on the "Click here" link at the top of the Information Bays panel in the server manager. You will be presented with the form shown in the image below.

 

You now need to fill out the form providing the information and making the choices described below. Note that the ftp access described below can be overridden by the FTP access limits setting on the Remote access panel of the server manager. If you choose to "Disable public FTP access" there, ftp access for individual i-bays will not be allowed, even though you will appear to be able to enable it from the i-bay configuration screen.

  • Information bay name: This is the short name of the i-bay (subject to the 12-character length restriction mentioned earlier). The i-bay name will be what users will enter in the URL after the hostname to access the i-bay from the web. For instance, if public access is enabled, an i-bay named 'intranet' can be accessed by the Pagan Vegan staff at 'http://www.tofu-dog.com/intranet/'.
  • Brief description: This text will appear in various administrative screens and can be a useful reminder of the i-bay content.
  • Group: Ownership of the i-bay content is assigned to an existing group. The group ownership plays a role in the next setting for user access.
  • User access: You need to decide who will be able to add and modify content in the i-bay and who will be able to read the content.
  • Public access: Here you set what type of public access you wish to have for the i-bay. If the i-bay is just to be used by a small group of users, you can leave public access set to the default of None. If you want others to be able to access the i-bay via web or anonymous ftp, you can choose to allow access to just the local network or the wider Internet. You also can choose whether or not you wish to require a password.


  Note:
If you choose one of the modes of Public access via web or anonymous ftp that requires a password, public access will not be available until you set the i-bay password from the main information bay panel in the server manager. Once you do so, users can access the i-bay through their web browser or ftp by using the i-bay name and i-bay password, rather than their own user name and password.


  • Execution of CGI scripts: If you want to use CGI scripts to add functionality to your web site, you can execute those scripts from the cgi-bin directory of your i-bay. However, for security reasons you must first choose enabled here to allow such scripts to be executed.
  • Force secure connections: Provides an option to force https per i-bay, so that navigating to an individual i-bay using http triggers an automatic redirection to https. i-bays that do not have force secure connections enabled are not affected and retain the default http connection protocol.

Once done filling out the form, click the Create button and the server manager will create your i-bay. If you wish to change these settings at any later point, you can click on Modify next to the i-bay name in the information bays panel of the server manager.

Modifying an i-bay

At any point in time you can modify the attributes of an i-bay (except for its name) by clicking on the "Modify" link next to the i-bay name on the "Information bays" panel of the server manager. For instance, you can easily change the description, group ownership, and access methods. There are, however, a few items to be aware of when modifying i-bays:

  • If an i-bay is set for no public access via web or anonymous ftp, users connecting to the i-bay through Windows or Macintosh file sharing will see only the contents of the files directory. However, if the i-bay settings are later changed to allow public access through web or anonymous ftp, users connecting through file sharing will then see the top-level directory of the i-bay with the three subdirectories of html, files and cgi-bin. The items they were used to seeing before will now be found in the files directory. This may disrupt Windows shortcuts and configuration settings. (The good news is that simply changing the public access setting back to "None" will return i-bay file sharing access to its previous configuration.)
  • After an i-bay is modified, all Macintosh users will be disconnected from the i-bay and will need to reconnect. All Macintosh users will receive an alert stating that they will be disconnected in 5 minutes.

Outside of those concerns, you can modify the i-bay as often as you wish. If you wish to change the actual name of the i-bay, you will need to remove the i-bay and create it again. (Note that this will delete the contents of the i-bay, so make sure you have backed up the i-bay data before you remove it.)

An i-bay Used as a Customer Site: The Miles Gabriel Art Exposition

"The Pagan Vegan" (TPV) has found that customers like having access to a customized web page which summarizes all of the information pertaining to their particular event. The company finds it reduces the risk of miscommunication and improves its image and reputation. The ".html" files in the i-bay's html directory are based on a template that TPV uses for each customer. Creating each web site is a straightforward, fill-in-the-blanks process.

 

TPV has chosen a naming convention for i-bays that customers can easily remember - first initial, last name. Because it contains important customer information, only the site administrator can save files into this i-bay. To prevent others from accessing the customer's i-bay, a password is required to enter the site. (TPV created individual passwords and securely provided them to their customers.)

 

Miles Gabriel has contacted The Pagan Vegan to cater an art exposition. The Pagan Vegan has created an i-bay specifically for Mr. Gabriel's account called "mgabriel". Mr. Gabriel accesses the site with the URL www.tofu-dog.com/mgabriel. As you can see, Mr. Gabriel has access to a summary of his event information. He can check at any time to ensure the arrangements are correct. For example, at midnight tonight he can access his i-bay to show his spouse the design used for his invitations!

An i-bay Used as a Shared Network Drive

Having a shared network drive can be very helpful as a way of storing and sharing documents company-wide. TPV uses an i-bay for a company-wide network drive to hold documents to which all employees should have access. All employees can read and write files to this directory. The i-bay is accessed via Windows file sharing, AppleTalk or FTP. To access using file sharing, simply access the server over the network (via Network Neighborhood) and open the appropriate i-bay. You will see the files located in the files directory and can then open them or copy them to your system.


  Note:
This is only true if the i-bay has been set to allow public access via web or anonymous ftp. If an i-bay is set for no public access via web or anonymous ftp, users connecting to the i-bay through Windows or Macintosh file sharing will simply see the contents of the files directory. However, if the i-bay settings are later changed to allow public access through web or anonymous ftp, users will then see the top-level directory of the i-bay with the three subdirectories of html, files and cgi-bin. The items they were used to seeing before will now be found in the files directory.


As an example, when the staff of The Pagan Vegan goes into their Network Neighborhood, they double-click on "E-smith-server" as shown in:

 

They will then see a list of i-bays accessible through Windows file sharing. When they click on one of them called "sharedfiles", they see the three folders inside of the i-bay:

 

When they go inside of files, they will then see the list of documents provided there:

 

As you can see in this example, The Pagan Vegan has several files in this directory for company use. Providing a centralized location for company documents (such as expense report templates) ensures that everyone always has access to these documents and uses the most up-to-date version.

An i-bay Used as an Intranet: The Pagan Vegan "Vegemite"

The Pagan Vegan has created an i-bay for its company newsletter / intranet. The company has found this to be a good way for employees to express themselves and share information.

 

In keeping with TPV's culture, the newsletter is very casual. The company has a high degree of trust in its employees, and, as a result, employees are given full access to the contents of the intranet so anyone on staff can revise it. A more typical company might want the intranet to be created by a particular staff member and "checked in" by the administrator (write access "administrator only"). The intranet is, of course, viewable only from the internal network. No password is required. To access the intranet, TPV employees use their web browsers to access the URL www.tofu-dog.com/intranet/filename.htm.

 

This particular newsletter was created using a desktop office application called LibreOffice (similar to Microsoft Office). The files were created as typical word processing documents, saved into ".html" format and then transferred into the html directory of the "intranet" i-bay using Windows file sharing. Starting with just a blank document, it took only about an hour to create the main page and the other pages that make up this newsletter.

An i-bay Used to Expedite Processes: Samson's Farms

Samson's Organic Farms delivers fresh produce to The Pagan Vegan every week. Samson's and TPV use an i-bay to improve the ordering and delivery process. TPV has created an i-bay for Samson's called "samfarms". It is accessible to the external Internet but password-protected so that only staff at TPV and Samson's Farms can read it. Anyone on TPV's local network can write to it.

 

Here's how the process works:

  • Each week, Mr. Samson updates his online order sheet to include only produce that will be ripe and ready for the next delivery date. He saves it in ".html" format and e-mails it to The Pagan Vegan's administrator.
  • Upon receiving the e-mail, TPV's administrator saves the file directly into the html directory of the "samfarms" i-bay.
  • The chef accesses the samfarms i-bay, reviews what produce will be available, and plans menus.
  • The chef's assistant then reviews the menus, checks against existing inventory and determines what should be ordered. The assistant enters TPV's order directly onto the order sheet in the samfarms i-bay using an HTML editor.
  • The day before delivery, the chef reviews his assistant's order (as shown in the image below) using a web browser and makes any last minute adjustments.

 

  • On the day of delivery, Samson's shipping staff accesses the i-bay over the Internet, prints out TPV's order from the samfarms i-bay, and fills it.

An i-bay Used as Your Customer Download Site

When customers hire The Pagan Vegan to plan events, they need to review a great deal of information - menu options, catalogues from various vendors for event stationery, table-setting rentals, etc. Often customers want several days to review it all. TPV has only a limited number of catalogues for loan, so it decided to provide customers with access to this information online. To accomplish this, TPV created a download i-bay, called "menus", where customers can download the catalogue files themselves and view the contents on their desktop machines.

 

TPV set the i-bay for Administrator-only write access, viewable over the entire Internet, with no password required. A customer accesses the site using the FTP client in their web browser to login as the i-bay user name by entering the URL ftp://menus@ftp.tofu-dog.com. This is what the customer sees:

 

When the cursor is placed over a file name, the full name of the file appears. To download a particular file, the customer simply clicks on the file name. A browser window allows the customer to select a destination directory for the file on his or her local hard drive.