Topic: ftp to Ibay...

[Cincron]

I have searched through this phorum and I have seen a few post that involve my same problem. This one is the closest

mark wrote:
>
> i have setup the ftp i can login ok i have shared the dir in
> ibay with files on it but when i login and can not see the
> files i copyed into the share can a manual edit the ftp.conf
> file to change it

Author: trevorb (trevorbatley_AT_optushome.com.au)
Date:   03-17-02 01:13

If you ftp into your primary site the files shown will be in
/home/e-smith/files/primary/files
If you ftp into an ibay the files that will be shown are those in
/home/e-smith/files/ibays//files
is this where you put your files?

This should all work 'out-of-the-box'.
Trevor B



I also have a friend who I would like to take care of his own site @ mydomain.. (www.theburds.org/darnell)...
According to this... when I / He ftp's into my webserver as his name/password he should see what is in the ibays/darnell/files  ???

Currently when we do ftp into it... we get these directories...
../home <--- it is empty
../mail
../mail/sent-mail/
../mail/sent-mail/cur
../mail/sent-mail/new
../mail/sent-mail/tmp
../maildir
../maildir/cur
../maildir/new
../maildir/tmp


when I log on as ADMIN... is see that Ibays and can upload to his ibay and all others..

I would like to set this up so he has control of his entire ibay and his ibay alone... Is this Possible?

Please give me some hints... this is driving me nuts..

[Jon Blakely]

If you want to ftp to an Ibay you need to use the ibay name not user name e.g ftp://darnell@theburds.org

As you have already mentioned this will only give access to ibay/darnell/files. In order for him to access cgi-bin, files and html you will need to create a custom template

# pico /etc/e-smith/templates-custom/etc/proftpd.conf/60AnonymousIBay

copy and paste this into it:

{
#------------------------------------------------------------
# How to handle logins from information bay accounts: chroot to the
# files part of the information bay directory.
#------------------------------------------------------------

    my %accounts;
    tie %accounts, 'esmith::config', '/home/e-smith/accounts';

    my $key;
    my $value;
    $OUT .= "";

    while (($key,$value) = each %accounts)
    {
        my ($type, %properties) = split (/\|/, $value, -1);
        if ($type eq 'ibay')
        {
            #------------------------------------------------------------
            # Figure out which combination of parameters to use. If
            # PublicAccess parameter is present, this is e-smith 4.0.
            # Otherwise, it's e-smith 3.0.
            #------------------------------------------------------------

            my $allow;
            my $pass;

            if ($properties{'PublicAccess'})
            {
                if ($properties{'PublicAccess'} eq 'none')
                {
                    $allow   = "127.0.0.1";
                    $pass    = 1;
                }
                elsif ($properties{'PublicAccess'} eq 'local')
                {
                    $allow   = $localAccess;
                    $pass    = 0;
                }
                elsif ($properties{'PublicAccess'} eq 'local-pw')
                {
                    $allow   = $localAccess;
                    $pass    = 1;
                }
                elsif ($properties{'PublicAccess'} eq 'global')
                {

$allow   = 'all';
                    $pass    = 0;
                }
                elsif ($properties{'PublicAccess'} eq 'global-pw')
                {
                    $allow   = 'all';
                    $pass    = 1;
                }
                elsif ($properties{'PublicAccess'} eq 'global-pw-remote')
                {
                    $allow   = 'all';
                    $pass    = 1;
                }
            }
            elsif ($properties {'ReadAccess'} eq 'global')
            {
                if ($properties {'UsePassword'} eq 'yes')
                {
                    $allow   = 'all';
                    $pass    = 1;
                }
                else
                {
                    $allow   = 'all';
                    $pass    = 0;
                }
            }
            else
            {
                if ($properties {'UsePassword'} eq 'yes')
                {
                    $allow   = $localAccess;
                    $pass    = 1;
                }
                else
                {
                    $allow   = $localAccess;
                    $pass    = 0;
                }
            }
           
            # variables: $allow (IP), $pass (bool)

            $OUT .= "\n";
            $OUT .= "\n";
            $OUT .= "    User $key\n";
            $OUT .= "    Group $key\n";
$OUT .= "    AnonRequirePassword " . ($pass ? "on" : "off") . "\n";
            $OUT .= "    UseFtpUsers on\n";
            $OUT .= "    MaxClients 10\n";
            $OUT .= "    DisplayLogin welcome.msg\n";
            $OUT .= "    DisplayFirstChdir .message\n";
            $OUT .= "    \n";
            $OUT .= "      Order Allow,Deny\n";
            $OUT .= "      Allow from $allow\n";
            $OUT .= "      Deny from all\n";
            $OUT .= "    \n";
            $OUT .= "    \n";
            $OUT .= "        \n";
            $OUT .= "            AllowAll\n";
            $OUT .= "        \n";
            $OUT .= "    \n";
            $OUT .= "\n";
        }
    }
}


crtl x to save
yes
enter

now expand the template

# /sbin/e-smith/expand-template /etc/proftpd.conf

That should allow your user to access all folders in his ibay.

Jon

[dj_ramjet99]

It would be cool if this was a server -manager option that you could set for each i-bay as required.

[René]

Hi

yes it's a very cool feature (followed the post from Jon Blakely).
I've tested it on my testserver. But isn't it a security risk? I think that I have full access to all ibays in all folders (html, files, cgi-bin) without any password.
My settings for the ibays are
User access via file sharing or user ftp: Write=Group, Read=Group
Public access via web or anonymous ftp: Entire Internet (no password required)
Execution of dynamic content (CGI, PHP, SSI): disabled

When I connect with ftp://ibay@ftp.mydomain.com I see all folder in the ibay and I have full access to all three folders. Is anything wrong?

Any ideas?

René

[Jon Blakely]

Agreed, it is a security risk. Normal SME5 ftp only allows access to the files directory for download. The initial post had a person who wanted to administer his own website in an ibay. If access is only required for the html directory then you could replace the line that says

$OUT .= "\n";

with

$OUT .= "\n";

But this will affect all ibays.

As you say if you connect to ftp://ibay@ftp.mydomain.com

you will see all three folders but if you have a password set for your ibay you should not be able to browse the folders without a password

ftp://ibay:passwd@ftp.mydomain.com

even tho you have set

Public access via web or anonymous ftp: Entire Internet (no password required)

Jon

[Jesper]

I have tried this and it workes a little to well. I have access to all folders (RW). The iBay I test on has a password and has as you suggest

Public access via web or anonymous ftp: Entire Internet (no password required)

What I would like to acheive is read access only and that the FTP user always have to type my iBay password.

What does it take to do that ?

Rgds,
Jesper

[Gaspar Raposo]

Well, to start with i have to say that you guys know your stuff and have helped me out a great deal.

What I am try to figure out is, why cannot the members of a group, when selected in an Ibay connect to the ftp using their own username and password? Every ibay seems to have a name and one set password where every user has to connect using one password only.

I would prefer assigning ftp access to users by adding them to the groups and that would make life alot easier.

Please let me know if you can help.

Thanks again.

Gaspar

[Mike]

Hi all

Just found out a few weeks ago on my E-Smith 5.6 how to give a person full read/write access to the complete Ibay, cgi-bin, files and html.
Create a useraccount.
Now the trick.
Make the "userpassword", the "Ibayname" and the "Ibaypassword" the same.
Of course you also have to set the necessarry rights on the Ibay.
It works for me but I also realise that it is a security risk because they are all 3 the same.
If someone will see http://www.e-smith.com/ibayname over your shoulder and knows about "the 3 the same trick" than they will only need to guess the useraccountname.
A well, not everything is perfekt but it works.

[Steve Crowers]

Be aware that even in the default e-smith install, if a user is part of the group the ibay is assigned to, the user already can access the ibay (with write access depending on the settings you set for the ibay).

try ftp'ing in as a user and do a "cd ../../ibays/[ibay-name]"

-Steve

[Beno]

I have tried a lot of various FTP options on various versions of e-smith. This ftp issue is a pretty hot topic and should be dealt with at the production end. There are a lot of requests for information regarding these features or lack of.

I think the question people want to know is, if E-Smith allows you to host domains, ibays etc.... then why cant we provide an ftp service to users of these ibays.

I would love to say to friends who's sites are hosted on my machine, Here is you details. Username password. You can now access you CGI bin, Files and HTML. Stop hassling me to upload or save files for you.

I think this is fair. I dont really care how it happens. As long as it does. There are some great ideas and options brought up in this thread and others.

Anyway, of my soapbox.

Happy FTPing

Beno