1
edit
Changes
From SME Server
Jump to navigationJump to search
mLine 1:
Line 1: − + − Line 16:
Line 15: − + − + − − On sme8.0 servers replace the above with the following yum install command − − Configure the dag repo for el5 as per current wiki instructions here http://wiki.contribs.org/Dag, and configure the sme7contribs repo as per wiki, then use this command to also install fuse-encfs: − yum install smeserver-shared-folders fuse-encfs --enablerepo=sme7contribs --enablerepo=dag − − + Line 79:
Line 72: − + − + Line 95:
Line 88: − === Ajaxplorer ===+ − If you install the [[Ajaxplorer]] contrib, you'll have a new option displayed in the configuration of the shared folders. With this, you can easily enable the access of any shared folders through Ajaxplorer. This is only available on SME8. − + + + + − + − {{Note box|Data encryption has only been tested on SME8, it might work on SME7 but it's not supported. YMMV}} − Since smeserver-shared-folders-0.1-50, you can now encrypt all the data stored in a shared folder. For this to work, you first have to install fuse-encfs from the Dag [[Dag|rpmforge]] repository (don't use the fuse-encfs from the EPEL repository as it's broken) − + − + + + + + + + + + + + + + − {{Note box|on SME8 kernel, the fuse module fuse-kmdl is already included, so it does not need to be installed, but on SME7, you need to install the fuse-kmdl module for your current kernel. fuse-kmdl can be found in [[ATrpms|atrpms repository]]}}+ + + + + + + + + + + + − Now, when you create a new shared folder, you have a new option to encrypt the data. You'll have to type a password, and to select '''enabled''' for the encryption. An encrypted shared folders can be '''protected''' (data is only available in encrypted form) or '''enabled''' (data appear in clear text, encryption/decryption is done on the fly). Changing the state of an encrypted shared folder can be done through the 'Shared Folder Encryption' panel in the server-manager. You can grant access to this panel to all users using the [[UserManager]] contrib. Users will only be able to toggle mode of shared folders they have access to (and of course, they need to know the correct password) Line 127:
Line 142: + + + + + + + + + + − **'''ManualPermissions''': if you set this key to enabled, the permissions will only affect web access (HTTP, WebDav, Ajaxplorer), and will not touch the permissions on the file system. This can be used to host web applications with custom permissions.+ − **'''Hide''': if set to yes, this share will not be listed in the server-manager+ − **'''Removable''': if set to no, you won't be able to remove this share through the server-manager+ + + + + + + + + + + + + + + + + + + + + + + Line 171:
Line 218: − + + + + + + + + +
Removed the Pydio note of being available only on SME8
{{Languages}}
{{Languages}}
{{usefulnote}}
===Maintainer===
===Maintainer===
[[User:VIP-ire|Daniel B.]]<br/>
[[User:VIP-ire|Daniel B.]]<br/>
=== Requirements ===
=== Requirements ===
*SME Server 7.X
*Min SME Server 7.X
=== Installation ===
=== Installation 8.x and 9.x===
*install the rpms
*install the rpms
yum --enablerepo=smecontribs install smeserver-shared-folders
yum --enablerepo=smecontribs install smeserver-shared-folders
*Mount your file system(s) with the ACL option
*Mount your file system(s) with the ACL option
If you use a standard SME server installation:
If you use a standard SME server installation:
signal-event post-upgrade && signal-event reboot
signal-event post-upgrade; signal-event reboot
should do the trick.
should do the trick.
If you don't like to reboot your server every time you install something (just like me :)), you can just run:
If you don't like to reboot your server every time you install something (just like me :)), you can just run:
=== Features ===
=== Features ===
A lot of options are available in the panel. When you create a new shared folder, or modify an existing one, the page is divided in up to 5 parts (depending on other packages you migth have installed like encfs and Ajaxplorer):
A lot of options are available in the panel. When you create a new shared folder, or modify an existing one, the page is divided in up to 5 parts (depending on other packages you might have installed like encfs and Pydio):
* The first part let you enter a name and a comment for this shared folder. This part works exactly the same way than ibay. An initial limit of 12 characters exists for the name. You can raise this value with
* The first part let you enter a name and a comment for this shared folder. This part works exactly the same way than ibay. An initial limit of 12 characters exists for the name. You can raise this value with
db configuration set maxShareNameLength 16
db configuration set maxShareNameLength 16
* The second part lets you configure access to this shared folder using the SMB/CIFS protocol. There's three drop down menus
* The second part lets you configure access to this shared folder using the SMB/CIFS protocol. There's three drop down menus
**'''SMB Access''' lets you configure the type of access: '''none''' (no access), '''enabled and browseable''' (enabled, and visible if you browse available shares of the server) or '''enabled, hidden''' (enabled, but you need to know the exact name to access it)
**'''SMB Access''' lets you configure the type of access: '''none''' (no access), '''enabled and browse-able''' (enabled, and visible if you browse available shares of the server) or '''enabled, hidden''' (enabled, but you need to know the exact name to access it)
**'''Recycle bin''' lets you configure a network recycle bin option available in samba. Available options are '''none''' (recycle bin is disabled), '''enabled, keep only the latest version''' (enable the recycle bin, but only keep the latest version if two file with the same name are deleted), or '''enabled, keep a copy of all versions''' (enable the recycle bin and keep a copy of every file deleted). When the recycle bin is enabled, if a user delete a file, instead of removing it from the server, samba will move it the the '''Recycle Bin''' directory at the top of the shared folder.
**'''Recycle bin''' lets you configure a network recycle bin option available in samba. Available options are '''none''' (recycle bin is disabled), '''enabled, keep only the latest version''' (enable the recycle bin, but only keep the latest version if two file with the same name are deleted), or '''enabled, keep a copy of all versions''' (enable the recycle bin and keep a copy of every file deleted). When the recycle bin is enabled, if a user delete a file, instead of removing it from the server, samba will move it the the '''Recycle Bin''' directory at the top of the shared folder.
**'''Recycle Bin Retention''': lets you define the retention time of file in the recycle bin. After this period of time, files are deleted.
**'''Recycle Bin Retention''': lets you define the retention time of file in the recycle bin. After this period of time, files are deleted.
**'''Dynamic content execution (PHP, CGI, SSI)''': this enable the execution of PHP script. If disabled files with php, php3, phtml, cgi or pl as extension won't be allowed. If enabled, you can create a directory named "cgi-bin" in your shared folder. It will allow execution of cgi scripts
**'''Dynamic content execution (PHP, CGI, SSI)''': this enable the execution of PHP script. If disabled files with php, php3, phtml, cgi or pl as extension won't be allowed. If enabled, you can create a directory named "cgi-bin" in your shared folder. It will allow execution of cgi scripts
{{warning box|IP addresses and networks which are allowed to access the server-manager (in Security -> Remote Access -> Remote Management) will be considered local for web access. This means those IP and networks will have access to shared folders which are restricted to local networks}}
==== Limitations of Ajaxplorer ====
=== Pydio ===
If you install the [[Pydio]] contrib, you'll have a new option displayed in the configuration of the shared folders. With this, you can easily enable the access of any shared folders through Pydio.
==== Limitations of Pydio ====
* You cannot work with files bigger than 2GB, this is a limitation of PHP on 32 Bits system
* You cannot work with files bigger than 2GB, this is a limitation of PHP on 32 Bits system
* Files uploaded with Ajaxplorer will not be counted for quota limitations (same applies for WebDav uploads). This is because the file will belong to www user, and not the real user.
* Files uploaded with Pydio will not be counted for quota limitations (same applies for WebDav uploads). This is because the file will belong to www user, and not the real user.
=== Encryption ===
=== Encryption ===
To install fuse-encfs on both sme7 and sme8
Since smeserver-shared-folders-0.1-50, you can now encrypt all the data stored in a shared folder. For this to work, you first have to install fuse-encfs from the [[Epel|EPEL]] repository
yum --enablerepo=dag install fuse-encfs
{{:epel|transcludesection=epel8}}
After adding it to the database updating the configuration file is required by issuing:
signal-event yum-modify
To install fuse-encfs on sme8
yum --enablerepo=epel install fuse-encfs
To install fuse-encfs on sme9
yum --enablerepo=smecontribs --enablerepo=epel install fuse-encfs
After installing fuse-encfs, make sure the fuse module is loaded
After installing fuse-encfs, make sure the fuse module is loaded
lsmod | grep fuse
lsmod | grep fuse
Now, when you create a new shared folder, you have a new option to encrypt the data. You'll have to type a password, and to select '''enabled''' for the encryption.<br /><br />
'''An encrypted shared folders can be "protected" or "enabled" and contains for each state a different corresponding data''' ( = a shared folder get a data for "enable" and another for "protected"):
* When the share is "protected", you can write to it: files written to the server while the share is protected will not be encrypted, instead, it'll be directly stored into the files folder in the share.
* When the share is "enabled", you mount the .store folder over the files folder, using encfs. When this happens, the cleartext dataset (stored directly in files) will be hidden, and you have access to a second, completely separated data set. The data you write when the share is enabled will be encrypted on the fly, and stored in the .store folder.
:As soon as you "protect" the share (or when the inactivity timeout occurres), the encrypted volume is unmounted, and you get the unencrypted share available again
Changing the state of an encrypted shared folder can be done through the 'Shared Folder Encryption' panel in the server-manager.
You can grant access to this panel to all users using the [[UserManager]] contrib. Users will only be able to toggle mode of shared folders they have access to (and of course, they need to know the correct password).
'''''Note:''''' If already mounted, Samba looses the access to the shared folder if its status "protected"/"enabled" is modified. Then the share must be umounted and mounted again to get access to the other data set.
==== Limitations with encryption ====
==== Limitations with encryption ====
Some advanced settings are not available on the panel, but only with db commands:
Some advanced settings are not available on the panel, but only with db commands:
{| class="wikitable"
|-
! Database !! Key !! Key type
|-
| accounts
| [name of share]
| share
|}
*Various options
*Various options
{| class="wikitable"
|-
! Option !! Value !! Default !! Description
|-
| ManualPermissions
| enabled / disabled
| disabled
| if you set this key to enabled, the permissions will only affect web access (HTTP, WebDav, Pydio), and will not touch the permissions on the file system. This can be used to host web applications with custom permissions.
|-
| Hide
| yes / no
| no
| If set to yes, this share will not be listed in the server-manager
|-
| Removable
| yes / no
| yes
| If set to no, you won't be able to remove this share through the server-manager
|-
| Audit
| enabled / disabled
| enabled
| Enable or disable activity logging in /var/log/messages
|}
*Options for Web access:
*Options for Web access:
**'''AllowOverride''': You can configure the AllowOverride directive of apache if web access is enabled. See this [http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride page] for a list of available option
**'''AllowOverride''': You can configure the AllowOverride directive of apache if web access is enabled. See this [http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride page] for a list of available option
**'''FollowSymLinks''': (enabled|disabled). Should apache follows symlinks ?
**'''FollowSymLinks''': (enabled|disabled). Should apache follows symlinks ?
=== Source ===
=== Source ===
The source for this contrib can be found in the smeserver [http://smeserver.cvs.sourceforge.net/smeserver/smeserver-shared-folders/ CVS] on sourceforge.
The source for this contrib can be found in the smeserver [http://smeserver.cvs.sourceforge.net/viewvc/smecontribs/rpms/smeserver-shared-folders/ CVS] on sourceforge.
=== Bugs ===
=== Bugs ===
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
and select the smeserver-shared-folders component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-shared-folders|title=this link}}
and select the smeserver-shared-folders component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-shared-folders|title=this link}}
Below is an overview of the current issues for this contrib:
{{#bugzilla:columns=id,product,version,status,summary
|sort=id
|order=desc
|component=smeserver-shared-folders
|noresultsmessage=No open bugs found.}}
----
----
[[Category:Contrib]]
[[Category:Contrib]]
[[Category:Administration:File and Directory Access]]
[[Category:Administration:File and Directory Access]]
