Topic: FTP Question

[Agent86]

Hi all

For some reason when adding users or groups and I-bays I can't seem to allow anyone to add a folder, or write to the ftp space

They seem to be able to login, but no write access

Why??? is there something I'm missing, I've try diffent combo's like add the groups first then users, then add users first then groups and add users to the groups etc and different variations of this.


Please advise ?

[raem]

Agent86

Did you ever hear of a thing called security ?
 
I suggest you re-read the manual very carefully.
Access rights re Users, Groups & Ibays is different to ftp or web access rights.
See the ibays section of the manual as it decribes how to write to ibays using a sftp client.

[Agent86]

I've read through all the sections and tried all the steps in the manual regarding ftp and i-bays

Even followed the many examples

All ended the same with some minor variations

No write permisions for ftp clients no write permisions to any i-bays with any type of setup.

It appears simple enough to setup an i-bay, or to make a group and add users to the group, or to create i-bays and give those groups or users access, but no matter what varations of this I've tried I have no write permissions to ftp space

I have public ftp enabled etc.

[raem]

Agent86

> ...I've read through all the sections and tried all the steps in the manual regarding ftp and i-bays...


Perhaps you didn't read this part or try the steps suggested !

http://mirror.contribs.org/smeserver/contribs//bobk/SME_Manual/chpt-14.02.html

Note that you need to use a ftp client program eg WinSCP3
see this link for tips
http://www.foothill.edu/ctis/howTo/SFTP.php


Quoting the manual for sme6:
"Note that users accessing the i-bay via FTP in this manner are not able to upload files to the i-bay. They can only download files from the i-bay to their client.

It is possible to upload files using FTP, but to do so you must login to the server with a valid user name, not the i-bay name. That user account must be a member of the group that has been given write permission for the i-bay (configured on the i-bay screen). You would then change to the i-bay directory (using the ftp command "cd ../../ibays/ibayname"). You will now be able to upload files from your FTP client to the appropriate directories."



.... and pretty much the same from the sme7 manual at
http://smeserver.sourceforge.net/sme70/sme70/Manual/Chapter14?v=zrq



14.2. Accessing the i-bays
You can access the contents of an i-bay using a web browser, Windows file sharing / Apple Talk?, or FTP.

accessing an i-bay using a web browser (via http): To view an i-bay using a browser, enter «www.yourdomain.xxx/i-bayname». For example, the URL for Samson's Farms i-bay is «www.tofu-dog.com/samfarms». Assuming you are entitled to access this i-bay, you will see the index.html page in the html directory in the Samson's Farms i-bay. If a password is required to see the contents of the i-bay, a password dialog box will appear before the contents of the i-bay are served to the web browser.
accessing an i-bay via Windows file sharing and AppleTalk: To access the i-bay using Windows file sharing or Apple Talk?, simply navigate to the server over your network browser (in Windows, this would be via “Network Neighborhood”) and select the i-bay you want to enter from those appearing. You can only access an i-bay in this way if you are on the local network.
accessing an i-bay via the FTP server: To access the i-bay using FTP, you use your FTP client to connect to your server and use the i-bay name as the login id. If the i-bay requires a password, you will need to enter the i-bay password as well. If you are using a command-line or graphical FTP client, you will usually be prompted for the login username and password. If you are using a web browser, you will need to enter a FTP URL. This will be in one of the following forms, depending on whether or not a password is required:
ftp:// ibayname @ftp. domainname
ftp:// ibayname : password @ftp. domainname

Warning
Be aware that FTP transmits all passwords in the clear without encryption and can therefore be a security risk. If you are concerned about security, we suggest you consider the scp “secure copy” command associated with ssh as an alternative to FTP.


Note that users accessing the i-bay via FTP in this manner are not able to upload files to the i-bay. They can only download files from the i-bay to their client.
It is possible to upload files using FTP, but to do so you must login to the server with a valid user name, not the i-bay name. That user account must be a member of the group that has been given write permission for the i-bay (configured on the i-bay screen). You would then change to the i-bay directory (using the ftp command «cd ../../ibays/ibayname»). You will now be able to upload files from your FTP client to the appropriate directories.

[Agent86]

Thanks for the reply

Yes I have read and followed these steps exactly and also have read your links which have the following notes regarding such Windows and Mac, and also the following regarding Linux which I'm using on all my client computers:

copied from:
http://www.foothill.edu/ctis/howTo/SFTP.php

If you are using a UNIX machine like Mac OS X or Linux, and you are comfortable with the command-line interface, you have the free and built-in SFTP and SSH tools available in your shell environment. Try doing a man sftp or man ssh to learn more about these capabilities.

gFTP linux already does this automatically to my knowledge
I've not had to do this for uploading to any FTP sites with gFTP ?

So it sounds like everyone I give space to on my SME box always need a special program to write to ftp space on the SME box ?

How are you suppose to edit your webpages or upload images etc.from a remote location ?  What ever happened to drag and drop a folder into the browser window ? Can't do that anymore ?

People I plan to let use the system will not know anything about this, they just simply want some webspace or extra online filespace??

Is there no simpler way for users to upload a file ?

[del]

Hi,
I use a contrib from dungog called:
dungog-proftpd-chroot-0.1-4.noarch.rpm works OK on SME6 never tried it on SME7 though. It lets you direct a user to a certain folder/ibay
Hope this helps,
Del

[raem]

Agent86

Just checking, have you enabled ftp access in the Remote Access panel ?

The security model of the sme server has not changed for many years, you could never ftp to ibays without using an ftp client (by default).

Users should be able to ftp to their own home folder without needing to use an ftp client, and they should be able to upload files.
It's done at contribs.org website for user contribs.

Users cannot upload files to ibays using ftp ie when not using an ftp client.
That is the default security model used by sme server by design.

Note that ftp is inherently insecure so that's the main reaon why, eg passwords are sent as plain text over the Internet.

If you want users to upload files to ibays then they need to logon using a ftp client using their own login name & password and then cd to the ibay. The user will need to be a member of the group that has write access to the ibay.

That's the way sme is designed and that's the way you do it.

If you are not seeing that behaviour in sme7 then report it to bugzilla.


There have been many posts about this subject over the last few years, if you want a different security model than the default one, then search the forums on "ftp" or "ftp to ibays", and make sure you go back a year or two or three. Your server may end up being less secure , but that's your choice.

[del]

Hi Ray,

I don't think that sme allows you to upload files using ftp even if you enable ftp in the remote access panel, at least I have never been able to upload unless I install the rpm I mentioned. Further research shows that dungog has a new rpm for SME 7, it can be found here:
http://mirror.contribs.org/smeserver/contribs//dungog/packages/smeserver/7.0/i386/RPMS.dungog/
I hope this helps.

Del

[raem]

del

> I don't think that sme allows you to upload files using ftp ...

You CAN upload files to the users home folder using ftp (you can on sme6) and the manual for sme7 implies it can be done.

login using
ftp://username@ftp.yourdomain.com
and use the user's name & password.


As fas as I know the dungog-proftpd-chroot rpm just limits the ftp user to their own home folder (or specified ibays ?)  and stops then cd'ing to the /root or other folders (when they are using a ftp client such as  WinSCP3).

Read the sme manual carefully, excerpts already posted in this thread.

[raem]

Agent86 & del

If you use a sftp client then you will also need to enable ssh access.

Quoting from the sme7RC1 servermanager Remote Access panel:

"Note: a secure shell sftp client can also be used to access the server, if remote access via the secure shell is enabled."

[raem]

del

> I don't think that sme allows you to upload files using ftp ...
>...I have never been able to upload....

Perhaps you should try a different browser.
I was just testing and found that
IE supports ftp uploads to users home folders OK,
but Firefox does not allow ftp uploads, only downloads.

[del]

Hi Ray,

I don't actually use a web browser, I was refering to wsftp pro, cuteftp or my favourite, filezilla to upload files. So I may be on the wrong track here. As for the dungog contrib, it defaults to the user's home directory but can be changed to any directory in the server-manager panel, I have clients that use filezilla and I direct them to a certain i-bay. It seems to work for me and is so easy to setup. I will however try the web browser way soon and see if it acheives the same results for me. Thanks for the info.

Del.

[Agent86]

Hi all thanks again for the help

Well, a couple new subjects here since my last post I'll try to respond

As far as ftp access enabled in the remote panel of SME - Yes to this

As far as browsers I'm using Firefox, so perhaps I'll try another.

As far as ftp clients I've pretty much had the same results, and gFTP is pretty good for just about anything FTP upload download and hosting as well, which I've not tried.

So, I'm still no convinced it's a bug, as it is mostly still possible that I've got something wrong.

But as far as the users and groups and group write permissions all that seems to checkout correctly.

Let me just stick with the more simple of the ftp options: the ftp write to home directory.

As far as write to home directory goes please correct me if I'm wrong, but no i-bay is needed for this correct ? just add a new user and they automatically get a home folder ?

And should be able to login and write to that directory correct ?

Now is there still a need for ftp client to write to this home directory or should you be able to do this via the browser ?

Please advise on this pre-topic of the main topic

Thanks again to all and by the way I'm still having fun with this and many have been helpful

This is a class model help forum, and support forum which should be followed by all other forums in my opinion

Anyhow thats a bit off topic but just wanted to mention this again as I enjoy my SME learning experience

[Agent86]

Ok It appears that I have gotton the gFTP to work with writing to the home space of the users with login and password, It must have been something I did wrong, or miss typed a ftp location etc.

So I'll tackle i-bays later

Now about the primary default webpage ?

I'm going to work on this next, so any pointers for adding the php script or tips for security would be helpful.

Pros and cons of using the default file locations or pros and cons of adding an i-bay for this?

Thanks

[raem]

Agent86


>...So I'll tackle i-bays later...

In your sftp client, select the Command menu and then issue
cd /home/e-smith/files/ibays/ibayname

Alternatively use the newer rpm from dungog
smeserver-remoteuseraccess

see bugzilla re the current status of an issue involving e-smith-proftpd and this rpm.


> ...Now about the primary default webpage ?
>...Pros and cons of using the default file locations or pros and cons of adding an i-bay for this?


If you must do it via ftp, then login as admin, cd to the primary ibay and upload your files.

If you choose instead to have your main web site in an ibay then other users will be able to access that ibay for file uploads etc as you have the flexibility of ibay permissions.