Koozali.org, home of the SME Server

Setting up an I-bay for an outside user

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Setting up an I-bay for an outside user
« on: June 15, 2021, 01:58:10 AM »
Hi,

I am trying to setup an I-bay that a user can login and upload to it. I have setup the I-bay and I can login into it as if I am the other user. I can upload from the admin side to the I-bay folder however I can not upload to the I-bay folder from the User Side. What settings do I need to have so I can accomplish that?

If you need anymore information on what I am doing and what settings I have now let me know.

Thanks.

Offline Jean-Philippe Pialasse

  • *
  • 2,041
  • +6/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #1 on: June 15, 2021, 05:41:04 AM »
maie a dedicated group for this user

set the ibay for write and read by the group

choose your preferred way to access to the ibay
-sftp
-scp
-ftp over tls
-nextcloud
-phpwebftp
- vpn plus samba

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #2 on: June 16, 2021, 08:03:08 AM »
Hi,

Thank you for your response that helped.

Okay another question

Is there a way to when you login as a user like lets say you login in as John and you type the password for john that you will be directed right to the I-bay that john uses and the user John won't see the other I-bay's on the server?

Thanks.

Offline Jean-Philippe Pialasse

  • *
  • 2,041
  • +6/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #3 on: June 16, 2021, 08:37:28 AM »
First
using the right permission your user will not have access to anything he is not supposed to.

second what you seems to ask is chroot.  Currently your are able to chroot a user in ftp using remoteaccess contrib.
If you are not using sme10 pay attention that ftp is not using tls and password and traffic are not encrypted using ftp.  starting sme10 default is to use tls.

if you choose nextcloud contrib, access to the ibay will be easy using the gui.

if you need scp or sftp see bug https://bugs.koozali.org/show_bug.cgi?id=3178
if you only want one ibay, it can be achieved with a few modifications : template custom and a cron to make sure /home/e-smith/ is root owned. 

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #4 on: June 21, 2021, 11:11:54 AM »
Okay I think I am real close I just have some permissions not set right.

I have the I-bay Named John for example

I want the user to be able to login to the I-bay John directly to Files because I don't want to have to have them navigate through all of the other I-bays to upload there files.

So When I login directly to the I-bay John using the Username John and entering the password for the I-bay on the remote side I know it takes me directly to files and if I upload a file to the I-bay john in files on the admin side I can see it on the remote side but I can't upload to the I-bay John on the Remote side I get this error 550 operation not permitted.

What do I need to change so I can upload to the I-bay "john" on the remote side?

Offline ReetP

  • *
  • 3,183
  • +5/-0
Re: Setting up an I-bay for an outside user
« Reply #5 on: June 21, 2021, 11:46:35 AM »
Okay I think I am real close I just have some permissions not set right.

First, you should not really be trying to set permissions by hand. They are likely to be overridden but the system.

second what you seems to ask is chroot.

Are you using some sort of chroot method as Jean Philippe suggested? If you not you will not achieve what you want with just permissions. It is more complex than that.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Jean-Philippe Pialasse

  • *
  • 2,041
  • +6/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #6 on: June 22, 2021, 01:14:57 AM »
Also before we can help we need to know which protocol you are trying to use


by the way in my suggestion i forgot an option : webdav over https. with the right settings user will be directed to html only him will have access and he could upload and download to the folder. 

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #7 on: June 22, 2021, 10:57:28 AM »
Okay so I am using FTP to access the I-bay however I am not sure if I am using TLS or not.

I set the I-bay for write and read by group

I don't have the option on my side to pick between these options

-sftp
-scp
-ftp over tls
-nextcloud
-phpwebftp
- vpn plus samba

All I have is this

Execution of dynamic content CGI PHP SSI Disabled

Force secure connections Disabled.

Also with webdav over https how would I start with setting that up? Because that sounds like the way I want to go.

Offline Jean-Philippe Pialasse

  • *
  • 2,041
  • +6/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #8 on: June 22, 2021, 12:18:44 PM »
sme 9 or sme 10?


only acceptable answer is sme 10 ;)

see https://wiki.koozali.org/Mod_dav

and for configuration using server manager https://wiki.koozali.org/Webhosting
« Last Edit: June 22, 2021, 12:22:08 PM by Jean-Philippe Pialasse »

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #9 on: June 24, 2021, 08:22:59 AM »
hahaha the answer was SME 8 will be SME 10 the correct answer soon :) I'm hoping upgrading will resolve some of the issues I am having. What are the main issues with SME 10 is it pretty much cut and dry like SME 8 or does it have some issues??

Thanks.

Offline TerryF

  • grumpy old man
  • *
  • 1,659
  • +1/-0
Re: Setting up an I-bay for an outside user
« Reply #10 on: June 24, 2021, 09:25:38 AM »
It was released, there are no issues :-)

Only way to find out is use it, if able a test sytem to do a test migration to helps enormousely. Many are now rolling it out in prod environmenst, a few little glitches picked up and resolved. See the forum section

Others may want to expand. Just remeber the underlying base RH/CentOS has moved a long way from how and what they provided to sme8/9.

Enjoy
« Last Edit: June 24, 2021, 09:27:34 AM by TerryF »
--
qui scribit bis legit

Offline Jean-Philippe Pialasse

  • *
  • 2,041
  • +6/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #11 on: June 24, 2021, 03:15:55 PM »
dav contribs was not as much evolved on sme8 as it is on sme10.

you are at risk for a few years now with sme8 without any security patch. You should upgrade without delay, and then focus on your present issue as it will be easier to fix.


SME 10 has all the fixes SME 9 had over SME 8 and more fixes.
of course some issues may persists but have more chance to be fixed than they will be on SME 8 ;)



Offline ReetP

  • *
  • 3,183
  • +5/-0
Re: Setting up an I-bay for an outside user
« Reply #12 on: June 24, 2021, 07:09:29 PM »
but have more chance to be fixed than they will be on SME 8 ;).

V8?
Probability = 0

:lol:
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #13 on: June 25, 2021, 11:03:57 AM »
Okay all upgraded now.

I can't make WS_FTP work with 10 it errors 550 ssl/tls Required on the control channel

Filazilla will only work on one machine it says 550 ssl/tls Required on the control channel for any other machine when trying to connect to the server.

Are there more settings I need to "enable" other than the obvious ones so I can access the server via FTP?

Server-manager works perfect by the way.

Thanks

Offline Jean-Philippe Pialasse

  • *
  • 2,041
  • +6/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #14 on: June 25, 2021, 04:03:50 PM »
you need to enable on the client ssl/tls.
filezila is capable. 


further more you need tls 1.2 or 1.3.

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #15 on: July 01, 2021, 10:39:11 AM »
Hi again,

Sme 10 works great. However I seem to be missing a couple of things for an SSL certificate according to https://wiki.koozali.org/Certificate_ssl_management I should have a tab in Server-manager to upload I don't have that tab and I don't know how to add it what do I need to do to add that?

Also for my same old problem with chrooting I bay access according to https://wiki.koozali.org/FTP_Access_to_Ibays I need to add Install the smeserver-remoteuseraccess contrib. Is that all I need to do?  Then will a new place in the server manager Remote access have a tab so I can chroot I-bay access like I explain a while ago above?

Thanks.

Offline Jean-Philippe Pialasse

  • *
  • 2,041
  • +6/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #16 on: July 01, 2021, 11:00:09 AM »
first question re ssl cert: this needs a contrib. not yet available on sme10.
i suggest using letsencrypt or configure the ssl cert using command line.


second question :yes.

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #17 on: July 01, 2021, 09:32:45 PM »
Okay so this is getting to the territory in Sme Server I am not familiar with.. So for the SSL certificate would using letsencrypt let me use a SSL Certificate that I could buy off of the internet? Also where do I need to go in Sme Server to find letsencrypt?

Another thing I am not familiar with I assume this code right here is what I need to add for the chrooting yum  --enablerepo=smecontribs install smeserver-remoteuseraccess
signal-event post-upgrade; signal-event reboot

Where do I need to go in Sme Server to install this?

Thanks.

Offline TerryF

  • grumpy old man
  • *
  • 1,659
  • +1/-0
Re: Setting up an I-bay for an outside user
« Reply #18 on: July 01, 2021, 10:41:58 PM »
Okay so this is getting to the territory in Sme Server I am not familiar with.. So for the SSL certificate would using letsencrypt let me use a SSL Certificate that I could buy off of the internet? Also where do I need to go in Sme Server to find letsencrypt?

Letsencrypt is free service and provides a single use cert, well worth the time to have a look at their home for background, https://letsencrypt.org/, Koozali SME Server has a contrib to help with the installation and ongoing admin, https://wiki.koozali.org/Letsencrypt, you will need to work from the command line (cli) in a local terminal or ssh into one.  ssh access needs to have been enabled from the server-manager, see wiki for details.

Another thing I am not familiar with I assume this code right here is what I need to add for the chrooting yum  --enablerepo=smecontribs install smeserver-remoteuseraccess
signal-event post-upgrade; signal-event reboot

Where do I need to go in Sme Server to install this?

Remoteuseraccess is  also a contrib, https://wiki.koozali.org/Remoteuseraccess again installation is shown being done from the cli using a local terminal or ssh. Once installed as per wiki administraion is carried out from the server-manager, wiki shows some settings being done from a terminal as well.

For both contribs, have a good read, ask if unsure particularly for Letsencrypt, remoteuseraccess is straightforward

Good Luck and enjoy
--
qui scribit bis legit

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #19 on: July 02, 2021, 11:13:59 AM »
Ok so Like you said remoteuseraccess is straightforward and I understand what to do but I am stuck on the installation part in the link you gave me there is a contrib link for 9 and 10 to download however there is no contrib download for 10 it says not found is there another place to get that?

Also I see the file smeserver-remoteuseraccess-1.3-2.el6.sme.noarch downloads to the computer you download it off of so leads to my next question how do I download that on to the server? Do I upload this file to an I-bay then download it or is there like a browser to download it like on the server when your actually looking at the server not through Server manager?

Same for the letsencrypt smeserver-letsencrypt-0.5-17.noarch how do I download it?

okay for the letsencrypt I see that is free which I honestly find hard to believe but I welcome it. How well does it work with the web? Does everything recognize it? Does Google (gmail) recognize it? 

Thanks.

Offline TerryF

  • grumpy old man
  • *
  • 1,659
  • +1/-0
Re: Setting up an I-bay for an outside user
« Reply #20 on: July 02, 2021, 12:38:45 PM »
You really do need to do some homework first on using the terminal window, how to use a ssh client like putty, what yum does and how an rpm is installed. A basic understanding of koozali repositories will also help.

smeserver-remoteuseraccess-1.3-2.el6.sme.noarch is a sme9 rpm, do not attempt to install el6 rpms on sme10

I would not go anywhere near letsencrypt until you know what you are doing its got the potential to bite you on the arse in the blink of an eye

You can also use the server-manager to install packages from koozali configured repositories, just enable the contribs repo and the available packages will be listed, select and the system will do the rest, again, some basic knowledge of using the server-manager is needed,

Using a terminal and the cli is more versatile and powerful, well worth the work needed to learn the what and how.
--
qui scribit bis legit

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #21 on: July 10, 2021, 05:33:29 AM »
Okay so here is where I am stuck now I know Yum is the Software installer in Server manager but I have no idea how to get remoteuseraccess and letsencrypt smeserver-letsencrypt-0.5-17.noarch into the yum installer to install them.

How do I do that?

Offline TerryF

  • grumpy old man
  • *
  • 1,659
  • +1/-0
Re: Setting up an I-bay for an outside user
« Reply #22 on: July 10, 2021, 06:15:30 AM »
Okay so here is where I am stuck now I know Yum is the Software installer in Server manager but I have no idea how to get remoteuseraccess and letsencrypt smeserver-letsencrypt-0.5-17.noarch into the yum installer to install them.

If that is how you have researched how yum is used..get your money back..

Yum is used from the command line in a terminal window, NOT from the server-manager, see the attached image, read the wiki, the basics are all there.

1.  I have opened a terminal window to my home server using putty, having allowed remoteaccess from within server-manager. See the wiki
2.  I have logged in as root
3.  I have used yum to begin the process of installing remoteuseraccess
# yum install smeserver-remoteuseraccess --enablerepo=smecontribs
4.  See bottom of the attached terminal window, If I answer Y the contrib will be installed

above is using a terminal that has been logged into and installing a package

SM is different - Server-manager can also be used by using the menu item Software Installer - however further configuration is required to select a contrib, again see the wiki

as I said you really do need to do some reasearch or find somone near to you to run you through the basics...
--
qui scribit bis legit

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #23 on: July 13, 2021, 06:35:32 AM »
Okay thank you for pointing out what the correct way was to install that stuff I needed that. I have read a lot and I have done a lot of research and I just have trouble with understanding all of the heavy Linux programming language.

Okay with the remote user access The Putty says I installed it successfully but nothing is different in server manager. I have read the wiki and what it told me to do is not there in Server Manager. If you tell me I need to restart it I will I am not with the server right now I will restart it when I am with it tomorrow.

Okay with the lets encrypt I did what I was told to do in the wiki and I got a couple of errors Can you give me some advice on what I need to do? Because I am not sure what I need to do.

A screen shot of my putty is attached.

Thanks,

Offline TerryF

  • grumpy old man
  • *
  • 1,659
  • +1/-0
Re: Setting up an I-bay for an outside user
« Reply #24 on: July 13, 2021, 12:09:31 PM »
With smeserver-remoteuseraccess installed, not doing a reboot and haveing at least one ordinary user added, I have a new menu item in server-manager under 'Security' - User Remote Access see attached image.

As far as letsencrypt goes did you read what the system is telling you?  You have your repos out of whack.

I suspect you have disabled important repos when mucking about in server-manager, see attached image for result when correct. again back to the wiki and research

I have to add here, with letsencrypt, this is the easy and straightforward stage, the curve gets steep from here on, if you are confused now and cant work out whats happening it does not bode well for what is to come.
« Last Edit: July 13, 2021, 12:15:04 PM by TerryF »
--
qui scribit bis legit

Offline TerryF

  • grumpy old man
  • *
  • 1,659
  • +1/-0
Re: Setting up an I-bay for an outside user
« Reply #25 on: July 13, 2021, 12:19:44 PM »
Okay with the remote user access The Putty says I installed it successfully but nothing is different in server manager.

What was returned in the terminal, ie what did it tell you exactly?
--
qui scribit bis legit

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #26 on: July 13, 2021, 09:43:46 PM »
Okay with the remote user access I have the tab now I didn't have that last night. So I am good to go there.

Okay with the lets encrypt I will work on it some more its the only thing standing in my way now. However is this guaranteed to be recognized by all places? I know it says I can set that. What I am concerned with is that I don't want to program something that is not going to work. 

Thank you.

Offline ReetP

  • *
  • 3,183
  • +5/-0
Re: Setting up an I-bay for an outside user
« Reply #27 on: July 13, 2021, 10:54:57 PM »
Code: [Select]
heavy Linux programming language.
This is not heavy, and it is not a programming language.

It is just bash commands in a shell. Like using Basic on a ZX81.

It is fast, once you practice a bit. It's why we all use it.

You have a choice here, like we all did. You can either stay in the safe zone, accept what is in the server-manager and carry on with what you are limited to there.

Or you can roll up your sleeves and get your hands a bit dirty. But to do that you also have to do what we all did which is to read a lot, and learn.

I made that choice 25 years ago, and still read and learn today. And as a result, somewhere in your server, are bits of code I wrote, some of it for letsencrypt ;-) I am no guru. I have just read more help pages then you have.

You can do this too.

You will get more help here, but only if you help yourself.

I wrote this some while ago for Rocket,Chat, but if you leave out the Rocket.Chat specifics and read up on how to ask sensible questions, you will help yourself and others.

https://gist.github.com/reetp/a66149d5f060f260643a353ca7067a98

Specifically these pages

https://www.chiark.greenend.org.uk/~sgtatham/bugs.html
http://www.catb.org/esr/faqs/smart-questions.html


Okay with the lets encrypt I will work on it some more its the only thing standing in my way now. However is this guaranteed to be recognized by all places? I know it says I can set that. What I am concerned with is that I don't want to program something that is not going to work. 

You are not about to program anything. Just configure it. The code that we wrote will do the 'heavy lifting' for you.

Read about SSL and https. Read again so you understand it. Read about Letsencrypt.

Make sure your DNS and firewall are setup correctly to allow access to your server. No access, and Letsencrypt can't confirm it is you and it will fail.

Follow the wiki.

USE TEST MODE until you get no errors.

Instructions are on the wiki on how to revert if you have a disaster.

Smile.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline TerryF

  • grumpy old man
  • *
  • 1,659
  • +1/-0
Re: Setting up an I-bay for an outside user
« Reply #28 on: July 13, 2021, 11:36:32 PM »
He is a helpful gnome isn't he :-)

Re your issue with installing letsencrypt, I beleive you have disabled the smeos repo and others when trying to use server-manager, in a terminal using putty you can restore the functiona of all the default repos with a few simple commands and yes it is in the wiki restore the defaulot repos and try again. Warning as simple as it is it also very powerful working in a terminal, which is why its so useful, a slip of a finger can be catastrophic so check and double check what you typ befoire pressing the launch button 'enter'

Essential reading
https://wiki.koozali.org/SME_Server:Documentation:FAQ:Section01#Yum_Updates
and
https://wiki.koozali.org/SME_Server:Adding_Software#Restoring_Default_Yum_Repositories
--
qui scribit bis legit

Offline TerryF

  • grumpy old man
  • *
  • 1,659
  • +1/-0
Re: Setting up an I-bay for an outside user
« Reply #29 on: July 13, 2021, 11:49:26 PM »
Further, was being lazy, to add third party repos can be done as you will find in the wiki and more simpley using an install rpm sitting in the smeaddons repo, see here https://wiki.koozali.org/Extrarepositories

$ yum install smeserver-extrarepositories-epel --enablerepo=smeaddons

epel repo is one that is useful going down the road..

--
qui scribit bis legit

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #30 on: July 14, 2021, 10:04:20 AM »
Okay So I got lets encrypt installed and it is ready to go. However I seem to be having some errors. It is telling me that my connection is not secure and that emails can not be verified that they were sent from there email address. I thought I had the SSL lets encrypt all good and ready to go because the website was seeing it and it was all happy saying secure connection then I tried to install it again with the mail.domain.com/webmail so I can get the emails to work so after doing that I have the mail.domain.com/webmail saying that it is verified by letsencrypt but my regular website no longer says that. I tried to reinstall it from scratch but that didn't work. Also my emails still say they can not be verified. So I am not sure what I am doing wrong I think I screwed something up somehow but I am lost so I thought I would ask again. Do I need to wipe the certificate off of the server and start over or what do I need to do??

Thanks.

Offline ReetP

  • *
  • 3,183
  • +5/-0
Re: Setting up an I-bay for an outside user
« Reply #31 on: July 14, 2021, 10:28:04 AM »
We can't help you if you don't help yourself.

You have just said "I installed but it seems broken"

Please read that guide again and explain EXACTLY the steps you took, which of course you wrote down as you went?

We have a pretty good idea of where you are wrong but not making guesses without some careful, detailed explanation.

We're trying to help you here, but that starts with you helping yourself to help us.

Be methodical and careful and precise and tell us the exact steps.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #32 on: July 16, 2021, 10:01:32 AM »
Well...... I didn't want to write a book to explain what I did but I got it figured out. It wasn't an sme problem at all so never mind.

I am to the point where I want to be with this server Thank you all for your help I appreciate it!

Last 2 questions of a couple of things I am curious about but can't find anything on them.

Is it possible to program a send later for the emails like you know Gmail and Outlook have in sme server?

Also I am not sure if this is an SME Server thing or not so I apologize Is it possible to program the logo of a company into the url?

Thanks.

Offline TerryF

  • grumpy old man
  • *
  • 1,659
  • +1/-0
Re: Setting up an I-bay for an outside user
« Reply #33 on: July 16, 2021, 10:23:48 AM »
Also I am not sure if this is an SME Server thing or not so I apologize Is it possible to program the logo of a company into the url?

Not hard to accomplish, BUT, might piss some off, open source distro being rebranded for your benefit or are you simpley saying you want a homepage with your biz details?  second option is simple, yes its in the wiki.

Is it possible to program a send later for the emails like you know Gmail and Outlook have in sme server?

What client are you using to send emails?
--
qui scribit bis legit

Offline ReetP

  • *
  • 3,183
  • +5/-0
Re: Setting up an I-bay for an outside user
« Reply #34 on: July 16, 2021, 11:00:09 AM »
Is it possible to program a send later for the emails like you know Gmail and Outlook have in sme server?

I don't believe so. It is more a client function than a server function.

Mail servers expect to send mail immediately, and retry for a period if they can't get through.

Programs such as PHPList for mailing lists have a delay function, but essentially it is a client program, not a server in its own right.

Quote
Is it possible to program the logo of a company into the url?

Can you explain this a little more clearly. Re-branding what exactly?
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #35 on: July 16, 2021, 11:28:10 AM »
I wasn't meaning through a client to send emails I meant directly on the server that makes sense though thanks.

On the logo in the URL I wasn't meaning to talk about rebranding The company wants to put there logo in the url like Logo shows in the url description then https://www.domain1.com/. I will take a look at the wiki. Where is it in the wiki if you have it off of the top of your head?

Thanks.

Offline sages

  • *
  • 168
  • +0/-0
    • http://www.sages.com.au
Re: Setting up an I-bay for an outside user
« Reply #36 on: July 16, 2021, 12:18:35 PM »
something like this?
https://en.wikipedia.org/wiki/Favicon
If so google be thy friend.
...

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #37 on: July 16, 2021, 09:14:50 PM »
Yes!! That is what I am looking for. Thank you!!

« Last Edit: July 16, 2021, 09:16:35 PM by JRBATM20192021 »

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #38 on: July 20, 2021, 08:25:02 AM »
Hi Again,

Trying to get FTP clients set up to upload to the server but they said that the connection times out and they can't get connected.

So I can access the server via ftp locally via a static IP I have the server setup to Accept FTP connections from anywhere. I can access the server via ftp via a hotspot. However, If I try to access it from an DCHP connection I get the same thing the connection times out and I can't get connected.

What its doing is acting like its connecting and it even says connected loading directory then it says connection timed out retrying and it keeps doing that.

So I think it is something to do with the security Is there anyway to do it without Explicit Encryption with tls? Or is that a must?

I can't find anything in the wiki yes I looked. We also are doing everything right from the directions.

I'm sure its just something I don't know yet I have a fully built and ready server just trying to get all of kinks out now.

Thanks,

Offline Jean-Philippe Pialasse

  • *
  • 2,041
  • +6/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #39 on: July 20, 2021, 01:14:16 PM »
read the logs instead of guessing what is happening.

yes you can do it without tls, but you can also just post your login and password with a copy of all your precious files on a public forum. This is pretty much as secure. 

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #40 on: July 21, 2021, 07:09:51 AM »
The security is fine It is actually nice just didn't have that before with sme 8. I read the log report I don't understand what is wrong it seems to be some setting is not set right but once again I don't know because I reviewed all of the instructions in the wiki and I am quite certain I set everything up right and the instructions are simple just like setting up the I-bays was. Also I am sure it is just a setting because the SSH or terminal window works on the networks from the outside just not the FTP.....

Here is the log report

 **Unmatched Entries**
 pam_unix(ftp:session): session opened for user admin by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user admin
 pam_unix(ftp:session): session opened for user admin by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user admin
 pam_unix(ftp:session): session opened for user admin by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user admin
 pam_unix(ftp:session): session opened for user admin by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user admin
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_unix(ftp:session): session opened for user admin by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user admin
 pam_unix(ftp:session): session opened for user admin by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user admin
 pam_unix(ftp:session): session opened for user admin by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user admin
 pam_unix(ftp:session): session opened for user admin by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user admin
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_unix(ftp:session): session opened for user chuck by (uid=0)
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck
 pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
 pam_unix(ftp:session): session closed for user chuck

When I go to connect from the outside network that doesn't work it says
Status:   Connected
Status:   Retrieving directory listing...

then it goes

Command:   MLSD
Error:   Connection timed out
Error:   Failed to retrieve directory listing

Again not sure what is wrong but with my trying to make the USER Remote access work I might have messed up something with the FTP? Not sure with this one still......

Thanks.

Also With the hotspot I said it had worked now it will not work. So I can't get into my server via FTP from any network other than the servers own even though I have it set for Anywhere on the internet.

Update Got a new log from trying yesterday

Same errors as the day before which I posted above.
« Last Edit: July 21, 2021, 11:20:07 AM by JRBATM20192021 »

Offline Jean-Philippe Pialasse

  • *
  • 2,041
  • +6/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #41 on: July 21, 2021, 01:06:45 PM »
what software for ftp?

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #42 on: July 21, 2021, 08:50:45 PM »
Sorry Forgot to mention that.... Filezilla and WINSCP

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #43 on: July 21, 2021, 09:06:47 PM »
One thing I should mention is before I added the software to do USER Remote access to chroot a user to a certain file I didn't have this problem... I could get in from an outside network VIA FTP. I also installed a whole bunch of updates like an idiot because I was hoping the USER Remote access software was in the updates. So is there a command I could use to restore all previous settings without uninstalling the USER Remote access and the Lets encrypt Security Certificate? I should add I had issues trying to install the Letsencrypt Security Certificate and you guys gave me this link https://wiki.koozali.org/SME_Server:Adding_Software#Restoring_Default_Yum_Repositories and I was able to install it. Is the code I need in there to undo time per say?


Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #44 on: July 22, 2021, 10:49:50 AM »
Okay tried the link that I listed below when I wrote that yesterday. Logging in from an outside network via FTP worked great using the admin login. However nothing else worked. Again However now it won't work at all again.

I have read your information on this and I have done everything correctly.

You guys said read the instructions then ask for help that is what I am doing now.

Thank you.

Offline TerryF

  • grumpy old man
  • *
  • 1,659
  • +1/-0
Re: Setting up an I-bay for an outside user
« Reply #45 on: July 22, 2021, 12:01:44 PM »
What is the sites url?
--
qui scribit bis legit

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #46 on: July 23, 2021, 02:09:02 AM »

Offline TerryF

  • grumpy old man
  • *
  • 1,659
  • +1/-0
Re: Setting up an I-bay for an outside user
« Reply #47 on: July 23, 2021, 08:31:28 AM »
Made an attempt or three to your site, different users, came up OK, obviously no password etc..

I do not use letsencrypt, so its a puzzle, configured a VM with remoteuseraccess, enabled ftp in server-manager, set chroot for user, using WinSCP

FTP using TLS/SSL Explicit encryption and login was accepted, denied without the TLS/SSL

Needs a brighter spark than I..only good thing is basic Vm with defaults does what it should
--
qui scribit bis legit

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #48 on: July 23, 2021, 08:54:53 PM »
Okay Sounds Good Thanks for looking. Any Ideas of what I should try to make this work? Everything works well except FTP.......

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #49 on: July 25, 2021, 07:44:08 AM »
Okay I tried Smart FTP and it gave me an error.....

Unexpected server reply

Problem

Unexpected server reply.

HRESULT error: FTPLIB_E_WRONGREPLY (0x80043106)

Cause

This error occurs when the server returns an error reply or a reply the client did not expect. Further analysis of the server to client communication is required to determine the cause of this error.

Seems Like I have a setting wrong or I messed something up with trying to install default contribs in the software installer....

Thought I would try to reach out to the smart FTP people.

Any suggestions on what I should change on SME Server to maybe resolve the issue?

Is there some code where I could go back to the regular default contribs? I think that is where I messed up.... Because everything else works fine.....



Offline ReetP

  • *
  • 3,183
  • +5/-0
Re: Setting up an I-bay for an outside user
« Reply #50 on: July 29, 2021, 10:57:31 AM »
One thing I should mention is before I added the software to do USER Remote access to chroot a user to a certain file I didn't have this problem...

I could get in from an outside network VIA FTP.

I also installed a whole bunch of updates like an idiot because I was hoping the USER Remote access software was in the updates.

"Act in haste, repent at leisure"

Quote
So is there a command I could use to restore all previous settings without uninstalling the USER Remote access and the Lets encrypt Security Certificate?

Restore from backup and start again? Letsencrypt can be easily be re-generated.

OK, so you have been jumping wildly all over the place trying to guess your way to an answer rather than working it out methodically and finding what works and what does not.

This is fast becoming a XY problem which no one is going to be able to resolve very easily and is consuming everyones time and getting nowhere in a hurry: https://xyproblem.info/

So, first thing go right back to the start and then work your way forwards little step by little step and documenting the process accurately. No jumping around or testing things on a whim. Be precise and methodical. Use logs. Read the wiki carefully - there is a wealth of information in there so use it to educate yourself.

This was an upgrade from SME v8? I don't believe we tested this, but it should *theoretically* work but YMMV.

So run the audittools on your SME v8 install and lets see what you have in there to start with.

Run these from a terminal.

/sbin/e-smith/audittools/newrpms << May not run correctly on SME v8
/sbin/e-smith/audittools/repositories
/sbin/e-smith/audittools/templates

Then do the same thing on the v10 version - you can actually go to the server-manager and look down the bottom on the left for creating a bug report - that will do it all for you.

Put them on pastebin or somewhere - not here.

I suggest you also give some give some details about your router or whatever you have between your server and the rest of the world, and how it is set up.

Make sure you *** anything sensitive please.

Further fumbling and guessing is not going to get this fixed. This needs a professional approach now please.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Jean-Philippe Pialasse

  • *
  • 2,041
  • +6/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #51 on: July 29, 2021, 02:42:57 PM »
config show ftp

Offline JRBATM20192021

  • **
  • 45
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #52 on: July 30, 2021, 04:06:21 AM »
No Problems Just working through it. Almost there.


Offline Jean-Philippe Pialasse

  • *
  • 2,041
  • +6/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #53 on: August 04, 2021, 03:19:56 PM »
you must pay attention that sme only uses ftp active.

nowaday default for client is sending passive command but SME ignores it. 

Try to configure your client in active mode.  It could still fails, here is why :


it all works while the client data port is accessible. But if he is behind a NAT or firewall yhis data port will not be accessible.

if you want to use a passive mode, this needs adding extra config to the server and then there is no limit on client side.  only you will also need to open the random data port on server side firewall, adding a layer of risk, and also open those ports on your router if behind one.


This is why I suggested a lot of alternatives, because what seems simple here « i will use ftp, it is already there » is not because of all the layer to think about in term of security: ports in firewalls, data transfer mode, TLS mode.

On the other hand nextcloud or webdav is easy to install and configure on client and will always uses TLS encryption using https with no headache for firewall and ports to open. 


Offline TerryF

  • grumpy old man
  • *
  • 1,659
  • +1/-0
Re: Setting up an I-bay for an outside user
« Reply #54 on: August 04, 2021, 04:36:25 PM »
OP and I have been collaborating via priv messaging :-) was able to access his test setup with TLS enabled and active mode on the client, WinSCP, Filezilla and CuteFTPle. all in all a interesting knowledge upgrade :-)

It is NOT a simple point and shoot matter. Far better to find another way, it can be done but requires more than just a config setting in SM..

Security is key here....
--
qui scribit bis legit

Offline Jean-Philippe Pialasse

  • *
  • 2,041
  • +6/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #55 on: August 04, 2021, 06:30:15 PM »
This could lead to a wiki page on how to configure client and server depending on the network
to share this accumulated knowledge?

tls mode
active/passive
server behind NAT firewall
client behind NAT firewall
server only / server-gateway

Offline TerryF

  • grumpy old man
  • *
  • 1,659
  • +1/-0
Re: Setting up an I-bay for an outside user
« Reply #56 on: August 05, 2021, 12:27:47 AM »
This could lead to a wiki page on how to configure client and server depending on the network
to share this accumulated knowledge?

tls mode
active/passive
server behind NAT firewall
client behind NAT firewall
server only / server-gateway

Definetly of benefit to add to the knowledge base...and those points above are all in play, hence my comment it is no trivial matter to use ftp in a secure way, even then it still has security implicatiuons, although at least TLS is active..
--
qui scribit bis legit