FTP-access isn't a problem anymore. People can connect to the server from outside my LAN, see the files and even download them. But, for some reason they cannot upload them.
I've changed the ftp access level from "write=admin" to "write=group". Last thing to do then, is selecting the group for that i-bay. If I select "everyone", then it won't work. If I select new created group, then the group can only contain members who have a user account. But I cannot create a user account with the same name?!?!
So... my point of view at this time: a i-bay is just a folder, and you can create user accounts if someone wants to use that folder (if you put him in the correct group).
But, I see that I when I log in with one of the created user accounts (through an FTP-manager), that I can browse through almost the whole system. I can see all the i-bays (but I can only open those to which I have access), and up-/download things if I have access. Other files are protected.
Is this the way to use it? I think it is a little weird that people can browse the "system" (except the program files themselves). Is there someone who can assure me that NO damage can be done by people who "just belong to a group and for some reason can browse the system"?
Thanks in advance! I am learning more every day...
Wietse
0 Replies
383 Views