Koozali.org: home of the SME Server

[WORKAROUND] PHP upload and ibays

Offline jibe

[WORKAROUND] PHP upload and ibays
« on: July 14, 2014, 07:02:27 PM »
Hi,

I'm trying to do something that seems simple, but cannot get it to work. What am I doing wrong ?

I have an ibay for file exchanges, defined this way :

Code: [Select]
# db accounts show ftp-sertpr
shared-files=ibay
    CgiBin=disabled
    Gid=5027
    Group=shared
    Name=ibay pour partage FTP
    PHPBaseDir=/home/e-smith/files/ibays/ftp-sertpr/:/tmp/
    PasswordSet=yes
    PublicAccess=global
    SSL=disabled
    Uid=5027
    UserAccess=wr-group-rd-everyone

I want to have a PHP script to make it easier to upload files, but to protect it, I don't want it in this ibay. So, I put it in the Primary, and changed its PHPBaseDir :

Code: [Select]
# db accounts show Primary
Primary=ibay
    CgiBin=enabled
    Group=shared
    Modifiable=no
    Name=Primary i-bay
    PHPBaseDir=/home/e-smith/files/ibays/Primary/:/tmp/:/home/e-smith/files/ibays/ftp-sertpr/
    PasswordSet=no
    Passwordable=no
    PublicAccess=global
    Removable=no
    UserAccess=wr-admin-rd-group

All seems ok in phpinfo(). Here are the interesting parts :

Code: [Select]
Directive Local Value Master Value
file_uploads On On
max_file_uploads 20 20
open_basedir /home/e-smith/files/ibays/Primary/:/tmp/:/home/e-smith/files/ibays/ftp-sertpr/ no value
post_max_size 20M 20M
upload_max_filesize 10M 10M
upload_tmp_dir /tmp /tmp

But I cannot get the file uploaded from outside the local network :

Code: [Select]
# tail /var/log/messages
Jul 14 17:47:34 e-smith httpd: PHP Warning:  move_uploaded_file(shared-files/zzz.jpg) [<a href='function.move-uploaded-file'>function.move-uploaded-file</a>]: failed to open stream: No such file or directory in /home/e-smith/files/ibays/Primary/html/envgros.php on line 124
Jul 14 17:47:34 e-smith httpd: PHP Warning:  move_uploaded_file() [<a href='function.move-uploaded-file'>function.move-uploaded-file</a>]: Unable to move '/tmp/phpOb1RFk' to 'shared-files/zzz.jpg' in /home/e-smith/files/ibays/Primary/html/envgros.php on line 124

Here is the part of the script; line 124 is the one containing move_uploaded_file :

Code: [Select]
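if (isset($_FILES['docjoint']['name'])==true && ($_FILES['docjoint']['name']!="") && ($_FILES['docjoint']['error'] == UPLOAD_ERR_OK)) {
    // Relative path: PHP resolves it against the script's current working directory
    $chemin_destination = 'shared-files/';
    // basename() keeps only the last component of the client-supplied file name
    move_uploaded_file($_FILES['docjoint']['tmp_name'], $chemin_destination.basename($_FILES['docjoint']['name']));
}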

What am I missing or doing wrong ?
« Last Edit: July 17, 2014, 10:00:34 AM by jibe »

Offline ReetP

Re: PHP upload and ibays
« Reply #1 on: July 15, 2014, 12:44:52 PM »
Hi,

Not sure what your specific problem is but it is often a problem with PHPBaseDir (which sets open_basedir), upload_tmp_dir and $_SERVER['DOCUMENT_ROOT']. In your case I think it is with upload_tmp_dir.

Personally I found rather than trying to mess with the Primary ibay it is easier to create a new ibay and mess with that !

You set PHPBaseDir on the Primary iBay but I am not sure that is needed ?

If you want to set an upload_dir on the Primary ibay you will have to follow some of the stuff below and modify accordingly.

For setting up a new ibay :

PHPBaseDir as above.

For $_SERVER['DOCUMENT_ROOT'] have a look here :

http://wiki.contribs.org/PHP_document_root

For upload_tmp_dir you need to hack your server a little.

See either here :

http://wiki.contribs.org/Uploadtmpdir

or better here :

http://bugs.contribs.org/show_bug.cgi?id=7011

If you apply the two diffs in the bug you can then set :

db accounts setprop myIbay PHPTmpDir enabled

Might not need both of these but just in case !

signal-event ibay-modify
signal-event console-save

It should create a temp directory and set upload_tmp_dir for you.

Personally I would create one ibay and apply all three of the above - should then work without problems.

Apart from those patches, Stephane has created a contrib to allow finer grained control of ibays. Have a read here :

http://bugs.contribs.org/show_bug.cgi?id=8280
http://bugs.contribs.org/show_bug.cgi?id=8239


HTH

B. Rgds
John
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline jibe

Re: PHP upload and ibays
« Reply #2 on: July 15, 2014, 04:47:05 PM »
Hi John,

Thanks for your reply.

Quote
it is often a problem with PHPBaseDir (which sets open_basedir), upload_tmp_dir and $_SERVER['DOCUMENT_ROOT'].

Yes, surely !

Quote
In your case I think it is with upload_tmp_dir.

Mmm... Why ?
If upload_tmp_dir is not set, we usually have an UPLOAD_ERR_NO_TMP_DIR error. As you can see in my first post, phpinfo() confirms that it's well set to /tmp. I did it via a template-custom... And I have no error in $_FILES['docjoint']['error'] (tested as UPLOAD_ERR_OK just before calling move_uploaded_file). I also test the returned error, somewhere before in the script, and there is none [yes, there is a useless double check : my script is very bad  :P]
Is there another reason that makes you think that my upload_tmp_dir is not good ?

Quote
Personally I found rather than trying to mess with the Primary ibay it is easier to create a new ibay and mess with that !

Ok. I will try with another ibay. But did you pay attention that I already try to put my uploaded file in another ibay ? My Php script is in the Primary, but I want the uploaded file to go on the "shared_files" ibay. So, did you suggest to put my script on a third ibay ? Not a problem for me, but I'm not sure that it will magically make this work ! No risk to try anyway...

Quote
You set PHPBaseDir on the Primary iBay but I am not sure that is needed ?

What do you mean exactly :
1 - It's not needed because it's the default,
2 - Or it's not needed as I want to put the uploaded file in another ibay ?

As I put my script in the Primary, I think it's needed unless it's the default, but anyway it can't be the problem, can it ?

I worry if the problem is not rather with the $_SERVER['DOCUMENT_ROOT'], the path I use for the destination, or the fact that I want to put it in another ibay. In the script I gave in my first post, I had a bad path. This gives me a "No such file or directory" error in /var/log/messages. But if I put ../../shared_files/html or $_SERVER['DOCUMENT_ROOT']/../../shared_files/html, I get a "Permission denied" error, when I should be able to write in this ibay, as the rights are UserAccess=wr-group-rd-everyone with Group=shared. Am I wrong ?

Before putting it on the prod server, where it doesn't work, I test this script on my own server, in an ibay (not Primary) and putting the uploaded file in a subfolder of the same ibay. In this case, it's working properly. So, unless I forgot something in the config of the prod server (I gave it in my first post, and don't see what could be wrong or missing), it seems that the problem is with the use of the 2 different ibays... The only thing changed in the script between the 2 servers is the path.

 

Offline ReetP

Re: PHP upload and ibays
« Reply #3 on: July 15, 2014, 06:44:02 PM »
Quote
Hi John,
Thanks for your reply.

NP :-)

Quote
Yes, surely !

LOL....

Quote
Mmm... Why ?
If upload_tmp_dir is not set, we usually have an UPLOAD_ERR_NO_TMP_DIR error. As you can see in my first post, phpinfo() confirms that it's well set to /tmp. I did it via a template-custom... And I have no error in $_FILES['docjoint']['error'] (tested as UPLOAD_ERR_OK just before calling move_uploaded_file). I also test the returned error, somewhere before in the script, and there is none [yes, there is a useless double check : my script is very bad  :P]
Is there another reason that makes you think that my upload_tmp_dir is not good ?

My bad - just wondered if it was due to permissions moving between directories I guess.


Quote
Ok. I will try with another ibay. But did you pay attention that I already try to put my uploaded file in another ibay ? My Php script is in the Primary, but I want the uploaded file to go on the "shared_files" ibay. So, did you suggest to put my script on a third ibay ? Not a problem for me, but I'm not sure that it will magically make this work ! No risk to try anyway...

Is there any particularly pressing reason for them to go in a separate iBay ?

Quote
What do you mean exactly :
1 - It's not needed because it's the default,
2 - Or it's not needed as I want to put the uploaded file in another ibay ?

As I put my script in the Primary, I think it's needed unless it's the default, but anyway it can't be the problem, can it ?

Yes, I believe that is default so no other setting is needed. You only need to override it for other iBays.

Quote
I worry if the problem is not rather with the $_SERVER['DOCUMENT_ROOT'], the path I use for the destination, or the fact that I want to put it in another ibay. In the script I gave in my first post, I had a bad path. This gives me a "No such file or directory" error in /var/log/messages. But if I put ../../shared_files/html or $_SERVER['DOCUMENT_ROOT']/../../shared_files/html, I get a "Permission denied" error, when I should be able to write in this ibay, as the rights are UserAccess=wr-group-rd-everyone with Group=shared. Am I wrong ?

Before putting it on the prod server, where it doesn't work, I test this script on my own server, in an ibay (not Primary) and putting the uploaded file in a subfolder of the same ibay. In this case, it's working properly. So, unless I forgot something in the config of the prod server (I gave it in my first post, and don't see what could be wrong or missing), it seems that the problem is with the use of the 2 different ibays... The only thing changed in the script between the 2 servers is the path.

I was about to suggest this myself. Try repeating it in one folder on the Production box to check it still works.

Then you can try to put files in another iBay and nail that problem.

B. Rgds
John

Offline jibe

Re: PHP upload and ibays
« Reply #4 on: July 16, 2014, 07:03:26 PM »
He,

I moved my script in a new ibay, with this config :
Code: [Select]
# db accounts show test
test=ibay
    CgiBin=enabled
    Gid=5060
    Group=admin
    Name=ibay de test pour grosfic
    PHPBaseDir=/home/e-smith/files/ibays/test/:/tmp/:/home/e-smith/files/ibays/shared_files/
    PasswordSet=no
    PublicAccess=global
    SSL=disabled
    Uid=5060
    UserAccess=wr-group-rd-everyone

If I put the uploaded file in a subfolder of this ibay, no problem. But when I try to put it in the ibay I want, I get a "permission denied" in /var/log/messages. Seems really that it's impossible to put a file in another ibay, even if the rights seem to allow that ! Or, I forgot something ?

I do need to put the files in another ibay, as the goal is to have shared files in this ibay, and the code not mixed with the files. The files are in the html folder of the ibay so that they can be viewed or downloaded through http. What can I do ?

It's a very good thing that ibays are isolated, but I thought that there is a way to tweak that when we really need to write in one from another...

Offline ReetP

Re: PHP upload and ibays
« Reply #5 on: July 16, 2014, 07:41:40 PM »
Sorry, on my mobe so tryping may be messy :-)

Where are you trying to save the file ? In the 'html' folder of another ibay, or the 'files' folder ??

Offline jibe

Re: PHP upload and ibays
« Reply #6 on: July 16, 2014, 09:05:12 PM »
Quote
The files are in the html folder of the ibay so that they can be viewed or downloaded through http.

;-)

Yes, I know that it's not very secured. But few people will be allowed to use the script, and they are supposed to be trusted. The shared ibay will also be password-protected.

Offline ReetP

Re: PHP upload and ibays
« Reply #7 on: July 16, 2014, 11:11:30 PM »
Doh... Sorry. Long night at the bar.... :-)

Got to be permissions but not sure how to cure it.

What software are you using ?

Offline johnp

Re: PHP upload and ibays
« Reply #8 on: July 17, 2014, 12:04:41 AM »
Thought I'd add that you may want to look at the Webshare contrib to see how it is done in it. I use it and followed the instructions to move to an ibay. As this is running at my home, I have the contents also shared on my lan. It provides me access remotely to certain files and all my music which also is streamed through another app

Offline jibe

Re: PHP upload and ibays
« Reply #9 on: July 17, 2014, 09:57:26 AM »
Hi,

Quote
Doh... Sorry. Long night at the bar.... :-)

:lol:

Quote
What software are you using ?

It's my own PHP script. But what importance ? AFAIK, this will depend only on the configuration of the ibays and the move_uploaded_file command. So, either at least one is not correct, or it should work, unless it's really impossible to do that...

Quote
Thought I'd add that you may want to look at the Webshare contrib to see how it is done in it.

Thanks for the suggestion  :-)

I already had a (too much quick ?) look at it, but it seems different and very complex compared to what I need. I don't need complex shares with samba and so on : I just want to put easily some files in the html folder of an ibay, via a PHP script located on another ibay. Yes, Webshare allows that, but in a more complete and complex way, so I abandoned this idea...

Well, I worked around the problem just calling a bash script to move the files. The interesting part of my PHP script becomes :
Code: [Select]
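if (isset($_FILES['docjoint']['name'])==true && ($_FILES['docjoint']['name']!="") && ($_FILES['docjoint']['error'] == UPLOAD_ERR_OK)) {
    $chemin_destination = 'upload/';
    // Keep only the last path component of the client-supplied file name
    $nom = basename($_FILES['docjoint']['name']);
    // Continue only if the upload was stored in the local upload/ folder
    if (move_uploaded_file($_FILES['docjoint']['tmp_name'], $chemin_destination.$nom)) {
        chmod($chemin_destination.$nom, 0666);
        // Quote the name so the shell receives it as one literal argument
        $commande = "./deplace ".escapeshellarg($nom);
        system($commande);
    }
}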

My bash script is :
Code: [Select]
#!/bin/sh
# Quote the argument and end option parsing so the name is handled as one literal file name
mv -- "/home/e-smith/files/ibays/test/html/upload/$1" "/home/e-smith/files/ibays/shared-files/html/$1"

It does the job  :-) Just not very beautiful to double move the file, I should have preferred to directly put it in the right place with move_uploaded_file, but too bad ! At least, this way, it's working.
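
Added example, not part of the original posts: a stricter version of a mover script like deplace. A command started through system() is not subject to PHP's open_basedir check, so the script validates the file name itself before it moves anything. The SRC_DIR/DST_DIR environment overrides, the allowed-character list and the blocked extensions are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): a stricter stand-in for a mover script like "deplace".
# The defaults are the two directories used in the thread; overriding them from the
# environment is an assumption of this example.
SRC_DIR=${SRC_DIR:-/home/e-smith/files/ibays/test/html/upload}
DST_DIR=${DST_DIR:-/home/e-smith/files/ibays/shared-files/html}

# safe_name NAME: succeed only for a plain file name that is safe to publish.
# The allow-list and the blocked extensions are example policy, adjust to your needs.
safe_name() {
    case $1 in
        ''|.|..)            return 1 ;;  # nothing, the directory itself, or its parent
        -*|.*)              return 1 ;;  # option look-alikes; dot files such as .htaccess
        */*)                return 1 ;;  # any path separator, so no ../ traversal
        *[!A-Za-z0-9._-]*)  return 1 ;;  # spaces, quotes, ';', '$' and other shell syntax
        *.[Pp][Hh][Pp]*|*.[Pp][Hh][Tt]*|*.[Cc][Gg][Ii]|*.[Pp][Ll])
                            return 1 ;;  # server-side scripts, including names like x.php.jpg
    esac
    return 0
}

# move_upload NAME: move one uploaded file from SRC_DIR to DST_DIR.
# Return codes: 0 moved, 2 bad name, 3 source not a regular file, 4 target exists, 5 mv failed.
move_upload() {
    _name=$1
    if ! safe_name "$_name"; then
        echo "deplace: rejected file name" >&2
        return 2
    fi
    _src=$SRC_DIR/$_name
    _dst=$DST_DIR/$_name
    # Refuse symlinks and anything that is not a regular file in the upload folder
    if [ -L "$_src" ] || [ ! -f "$_src" ]; then
        echo "deplace: not a regular file: $_src" >&2
        return 3
    fi
    # Do not replace a file that is already published in the shared ibay
    if [ -e "$_dst" ] || [ -L "$_dst" ]; then
        echo "deplace: target already exists: $_dst" >&2
        return 4
    fi
    # "--" ends option parsing; the quotes keep the name a single argument
    mv -- "$_src" "$_dst" || return 5
    # Drop the world-writable mode that was set on the file in the upload folder
    chmod 0644 "$_dst"
}

# Called as a script: ./deplace <file name>
if [ "$#" -eq 1 ]; then
    move_upload "$1"
fi
```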

Offline ReetP

Re: PHP upload and ibays
« Reply #10 on: July 17, 2014, 10:57:49 AM »
Quote
It's my own PHP script. But what importance ? AFAIK, this will depend only on the configuration of the ibays and the move_uploaded_file command. So, either at least one is not correct, or it should work, unless it's really impossible to do that...

If it was generic I'd try it here :-)

Quote
Well, I worked around the problem just calling a bash script to move the files. The interesting part of my PHP script becomes :
Code: [Select]
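if (isset($_FILES['docjoint']['name'])==true && ($_FILES['docjoint']['name']!="") && ($_FILES['docjoint']['error'] == UPLOAD_ERR_OK)) {
    $chemin_destination = 'upload/';
    // Keep only the last path component of the client-supplied file name
    $nom = basename($_FILES['docjoint']['name']);
    // Continue only if the upload was stored in the local upload/ folder
    if (move_uploaded_file($_FILES['docjoint']['tmp_name'], $chemin_destination.$nom)) {
        chmod($chemin_destination.$nom, 0666);
        // Quote the name so the shell receives it as one literal argument
        $commande = "./deplace ".escapeshellarg($nom);
        system($commande);
    }
}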

My bash script is :
Code: [Select]
#!/bin/sh
# Quote the argument and end option parsing so the name is handled as one literal file name
mv -- "/home/e-smith/files/ibays/test/html/upload/$1" "/home/e-smith/files/ibays/shared-files/html/$1"

It does the job  :-) Just not very beautiful to double move the file, I should have preferred to directly put it in the right place with move_uploaded_file, but too bad ! At least, this way, it's working.

I haven't used the function myself (and nor am I a PHP guru), but in the light of a new day, http://php.net/manual/en/function.move-uploaded-file.php seems to explain it.

When you upload the file you cannot move it outside of open_basedir - or at least PHP can't.

It seems the move file function is there only to allow checks before moving from the temp directory to a directory WITHIN your open_basedir. It is not there (and can't) move the file anywhere else in the file system unless you override open_basedir.

So you either have to override open_basedir (not good methinks), keep the file within the iBay or use another system to move it - as you have done.

I'm sure there may be other ways to get round this as per your script though being no guru I can't help much and would have done the same as you  :-)

B. Rgds
John

Offline jibe

Re: PHP upload and ibays
« Reply #11 on: July 17, 2014, 11:32:18 AM »
Quote
I haven't used the function myself (and nor am I a PHP guru), but in the light of a new day, http://php.net/manual/en/function.move-uploaded-file.php seems to explain it.

When you upload the file you cannot move it outside of open_basedir - or at least PHP can't.

It seems the move file function is there only to allow checks before moving from the temp directory to a directory WITHIN your open_basedir. It is not there (and can't) move the file anywhere else in the file system unless you override open_basedir.

It's precisely what I don't understand. Unless I misunderstand what is open_basedir or how to use/change it, I should be able to do what I want, as I changed it... But it's true that I'm not very sure of what is really done when we change open_basedir through the db commands : seems that we finally have several ones (in my case : /home/e-smith/files/ibays/test/ (the normal one for the ibay), /tmp/ (the unix temporary folder, used as upload_tmp_dir) and /home/e-smith/files/ibays/shared_files/ (the ibay where I want to put the files)). Seems to work in some cases, but I find it a little weird... And in fact, move_uploaded_file seems to not consider that the 3d one is really a true open_basedir...

Quote
I'm sure there may be other ways to get round this as per your script though being no guru I can't help much and would have done the same as you  :-)

Yes, thanks for your help anyway !

If the solution is not very elegant, at least it works well...

Thanks again and best regards.

Offline jibe

Re: [WORKAROUND] PHP upload and ibays
« Reply #12 on: July 17, 2014, 02:39:46 PM »
Still a little thing : this does not work (access denied) when the scripts are in the Primary, unless you change the default config. Rather than changing it, better to put them in another ibay ;-)

Also, do not forget to increase some php.ini values if you need to upload big files :

Code: [Select]
db configuration setprop php MaxExecutionTime 3600
db configuration setprop php MemoryLimit 50M
db configuration setprop php PostMaxSize 50M
db configuration setprop php UploadMaxFilesize 50M
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart
« Last Edit: July 17, 2014, 03:01:10 PM by jibe »

Offline ReetP

Re: PHP upload and ibays
« Reply #13 on: July 17, 2014, 05:27:52 PM »
Quote
It's precisely what I don't understand. Unless I misunderstand what is open_basedir or how to use/change it, I should be able to do what I want, as I changed it...

open_basedir (have a good read & search online for it) is there to stop people doing things they should not with your server. The way it is set in SME does not give you carte blanche to do anything you want, and is there for your own good :-) If you don't really understand it, then better to leave well alone !

The setup in SME server helps prevent you making mistakes and giving the world access to your machine.

open_basedir restricts access ABOVE whatever level you set. Normally if you had one webserver, all the files would go in one set of folders covered by the open_basedir.

So if you set it for say

/home/e-smith/files/ibays/mybay/html

any scripts in there can access folders BELOW, but cannot access any directory level ABOVE that e.g.

Accessible :
/home/e-smith/files/ibays/mybay/html/test
/home/e-smith/files/ibays/mybay/html/scripts
/home/e-smith/files/ibays/mybay/html/scripts/other


Inaccessible :
/home/e-smith/files/ibays/mybay/
/home/e-smith/files/ibays/
/home/e-smith/files/ibays/differentbay/
/home/e-smith/files/ibays/differentbay/html
/home/e-smith/files/ibays/differentbay/files
/root
/etc
/bin
/sbin

......... :-)


So you cannot go up the folder tree and back down into another one.

You want two iBays and so you effectively have 2 'websites' each with its own set of rules. Each has its own basedir, and php scripts in each ibay can only operate within that setting (down to the way that SME is built).

Yes, you may be able to override the system and do your own thing, but you are leaving yourself at risk if you do. Would you really want to set it as say '/' ??

It might also have been easier to have kept the files in one set of folders and restrict access with .htaccess or other methods.

HTH, and glad you have something working !

B. Rgds
John

Offline jibe

Re: [WORKAROUND] PHP upload and ibays
« Reply #14 on: July 17, 2014, 09:06:34 PM »
Thanks for the explanation. I think that it will be useful for people reading this thread.

For me, it's what I already understood. What I have difficulty to understand is the way it's said to change the PHPBaseDir (I think that I saw it in several pages of the wiki) : normally, you cannot upload files, as /tmp is not in the open_basedir. If you don't want to have a temp folder inside it, it's said to change open_basedir this way :

/home/e-smith/files/ibays/youribay/:/tmp

So, as I understand, the scripts can now access the ibay AND /tmp. And in fact, you are able to upload files.

So, what happens exactly when I have this open_basedir :

/home/e-smith/files/ibays/youribay/:/tmp:/home/e-smith/files/ibays/anotheribay/

I thought that it was a way so that the scripts can access "youribay" AND /tmp AND "anotheribay"... Seems that it's not the case. So, what is the use of that ?

I cannot retrieve this page, but I'm almost sure that I read that normally ibays are totally isolated, but that it's possible to un-isolate 2 of them changing open-basedir. No more sure however if the way I did was given there or if they said to put open_basedir = /home/e-smith/files/ibays/. If it's done this way, it's sure that any script can access any ibay. But it's generally not what we want, as it's very unsecure ! We generally want to limit the communication to two ibays only...

Where am I wrong ? What did I misunderstand ?

Offline janet

Re: [WORKAROUND] PHP upload and ibays
« Reply #15 on: July 17, 2014, 09:27:11 PM »
jibe

"Open_basedir is a security function in PHP that defines the locations or paths from which PHP is allowed to access files."

Not sure if this means scripts can also access those locations (when they are in a different ibay location).
Keep reading !
Maybe you need multiple open base dir settings for each ibay if you put a script in a different ibay.
I am not a PHP person so cannot comment more specifically from experience.

Reading from here
http://wiki.contribs.org/PHP
in this section
Modifying the PHPBaseDir setting for an ibay
it implies you can do what you are asking but uses an example of an ibay & /opt subfolder, so maybe move your script somewhere else than an ibay eg under /opt/subfolder/
eg
db accounts setprop Primary PHPBaseDir /home/e-smith/files/ibays/Primary/html/:/opt/gallery2/
Above command would allow for invocation of scripts in the /opt/gallery2 path from the Primary ibay html folder by PHP.
« Last Edit: July 17, 2014, 09:40:47 PM by janet »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline jibe

Re: [WORKAROUND] PHP upload and ibays
« Reply #16 on: July 17, 2014, 11:22:04 PM »
Quote
http://wiki.contribs.org/PHP
in this section
Modifying the PHPBaseDir setting for an ibay

Yes, it's this page I was talking about and not retrieving in my last post  :idea:

Quote
it implies you can do what you are asking but uses an example of an ibay & /opt subfolder

Yes, but what is the difference between /opt/gallery2 and /home/e-smith/files/ibays/shared-files/html (the path of my second ibay) ? For PHP, I don't see why there would be a difference, unless some special config in SME prevents it to work... I could try to put my script in /opt, as you suggest, but not sure that it will work better, and if it does, this will only confirm that there is something special in SME...

But there could be another explanation : re-reading this page that you mention, I see :

Quote
Above command would allow for invocation of scripts in the /opt/gallery2 path from the Primary ibay html folder by PHP.

It's also possible to read a file (at least in /tmp). But it's never said that we can write elsewhere than in the main basedir (however, it's never said that we cannot...).

If I have some time, I'll make some more tries writing files. This seems to be a limit of multiple open_basedir...


Offline janet

Re: [WORKAROUND] PHP upload and ibays
« Reply #17 on: July 18, 2014, 02:12:48 AM »
jibe

The Primary ibay is slightly different than other ibays in that it has default settings that are not easily changed.
So as has been previously advised to you, it is best to avoid using the Primary ibay.

I never use it & always point any main domain to a specific ibay as there is better control possibilities with regular ibays.

/opt does not have default ibay configuration possibilities or limitations. You will have to specifically configure those settings.

/opt is a safe place to put scripts as they are not accessible to Internet users unless you specifically allow it, although the sme server system can access /opt. You may have to configure settings within apps & set suitable permissions to allow that.

It is indeed my suggestion that you put your scripts into /opt/subfolder

ibays are special places & have a lot of default protection enabled, sme by default is locked up very tightly, something which newcomers find hard to deal with, when coming from other Linux distros which are somewhat more open but less secure.

I strongly suggest you install some of the web contribs that install to /opt & examine the templates that they install as you will see how to configure /opt appropriately to allow web access etc, & set up aliases eg Joomla, maybe Gallery IIRC, Wordpress & quite a few others, see the Contribs page & the Howtos. Look also at the Contrib or Howto that lets you manually setup any web app etc (forget it's name off the top of my head & I'm on a mobile so less easy to look it up).

Edit: See for example
http://wiki.contribs.org/SME_Site_Maker
and
http://wiki.contribs.org/Web_Application_RPM
« Last Edit: July 18, 2014, 04:48:58 AM by janet »

Offline CharlieBrady

Re: [WORKAROUND] PHP upload and ibays
« Reply #18 on: July 19, 2014, 06:27:17 PM »
Quote
What am I missing or doing wrong ?

You need to read the log messages carefully. "No such file or directory" is not an OpenBasedir restriction, and not a file system permission issue.
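
Added example, not part of the thread: a simplified shell model of the three separate ways a write such as move_uploaded_file() can fail here, namely a path outside open_basedir, a directory that does not exist, or a directory the current account cannot write to. It treats each open_basedir entry as a directory tree and does not resolve symlinks (PHP does); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): a simplified model of why a PHP write to a
# directory fails. Function names are hypothetical; symlinks are not resolved (PHP does),
# and every open_basedir entry is treated as a directory tree.

# normalize PATH: collapse '.', '..' and empty segments of an absolute path, no disk access
normalize() {
    _out=
    _old_ifs=$IFS; IFS=/
    set -f
    for _seg in $1; do
        case $_seg in
            ''|.) ;;
            ..)   _out=${_out%/*} ;;
            *)    _out=$_out/$_seg ;;
        esac
    done
    set +f; IFS=$_old_ifs
    printf '%s\n' "${_out:-/}"
}

# in_open_basedir LIST PATH: succeed if PATH is at or below one colon-separated entry
in_open_basedir() {
    _path=$(normalize "$2")
    _old_ifs=$IFS; IFS=:
    set -f
    for _entry in $1; do
        [ -n "$_entry" ] || continue
        _entry=$(normalize "$_entry")            # also drops a trailing slash
        if [ "$_entry" = / ]; then _entry=; fi   # an entry of "/" allows everything
        case $_path/ in
            "$_entry"/*) set +f; IFS=$_old_ifs; return 0 ;;
        esac
    done
    set +f; IFS=$_old_ifs
    return 1
}

# diagnose_target LIST SCRIPT_DIR DEST: print "<verdict> <resolved path>"
diagnose_target() {
    case $3 in
        /*) _dest=$3 ;;
        *)  _dest=$2/$3 ;;      # relative paths start from the script's working directory
    esac
    _dest=$(normalize "$_dest")
    if ! in_open_basedir "$1" "$_dest"; then
        echo "outside-open_basedir $_dest"   # PHP refuses the path itself
    elif [ ! -d "$_dest" ]; then
        echo "missing $_dest"                # "No such file or directory"
    elif [ ! -w "$_dest" ] || [ ! -x "$_dest" ]; then
        echo "not-writable $_dest"           # "Permission denied" for the current user
    else
        echo "ok $_dest"
    fi
}

# Demo with the open_basedir value from the first post's phpinfo() output. Run it as the
# account httpd runs as; on a host without these directories the first two report "missing".
OPEN_BASEDIR=/home/e-smith/files/ibays/Primary/:/tmp/:/home/e-smith/files/ibays/ftp-sertpr/
SCRIPT_DIR=/home/e-smith/files/ibays/Primary/html
for _target in shared-files/ /home/e-smith/files/ibays/ftp-sertpr/html /etc; do
    diagnose_target "$OPEN_BASEDIR" "$SCRIPT_DIR" "$_target"
done
```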

Offline jibe

Re: [WORKAROUND] PHP upload and ibays
« Reply #19 on: August 19, 2014, 11:27:49 PM »
Hi,

Back again after a long time away...

@ janet :

Thanks for your advice. For now, the workaround I am using is working well, so I will keep it. It's true that for what I want to do, ibays are probably not very good and /opt could be better... I just do not like to use /opt on SME, as it is like using it as any LAMP, and do not think to use it in special cases where it could be better.

@ CharlieBrady :

Sorry, but you did not read carefully what I wrote  :-)
Quote
In the script I gave in my first post, I had a bad path. This gives me a "No such file or directory" error in /var/log/messages. But if I put ../../shared_files/html or $_SERVER['DOCUMENT_ROOT']/../../shared_files/html, I get a "Permission denied" error, when I should be able to write in this ibay, as the rights are UserAccess=wr-group-rd-everyone with Group=shared.

;)


Offline janet

Re: [WORKAROUND] PHP upload and ibays
« Reply #20 on: August 20, 2014, 12:02:53 AM »
jibe

No one can access /opt unless you specifically allow it.

The configurable permissions for ibays that you mention, are only applicable to samba (local networking) access & ftp access, & have nothing to do with web access.  Check in server manager when setting up an ibay, read the field description which says "User access via file sharing or user ftp"

Web access permissions in ibays are totally different & managed differently, & you have not allowed for that, that's why you have found a need to use a script to move the files.

Offline jibe

Re: [WORKAROUND] PHP upload and ibays
« Reply #21 on: August 20, 2014, 09:38:28 AM »
Hi janet,

Sorry that I was probably not clear enough in my last post... Seems that we don't talk about the same thing !

The quotation about my own post on July 15 was just to say to Charlie that the real problem was not a "No such file or directory" message, but a "Permission denied" error. Since this time, I understood that it was not a problem with the configurable permissions of the ibay in the server-manager, but something with open base dir or something else regarding the web access permissions.

As it seems more complex than I thought first, I made a workaround and decided to study that better when I'll have time. Even if /opt could be a good solution, I will not change my workaround as it works well. I consider that my problem is solved now, and that I have to re-study what I did not understand well about web access in the ibays.

Anyway, thanks to everybody for the help  :)

Offline Sparkey

Re: [WORKAROUND] PHP upload and ibays
« Reply #22 on: August 22, 2014, 03:59:45 PM »
I had a similar issue at work with wanting to allow customer to upload art files to a location and then, without any other tasks, allow users within the internal network to have access to these files.

What I ended up doing is:

Installed the Shared Folders contrib and the Web Shares contrib.

The webshare contrib allowed me to set-up accounts for different customers with username/password access where they could upload files via php.

I then created a fileshare folder using the SharedFolders contrib with group access assigned to all internal users.

Then within the file share, created folders with the same name as the webshares created for the remote customers and then wrote a small script that uses the mount --bind command to link the sub directories under fileshare to the webshares I created for customers.

The end result is that customers have a secure login to upload and download artwork/artfiles and the internal users in our company also have access to these same files via the fileshare shared folder.

The only task I have to do is remember to modify the Bind script when a new webshare is created.  Maybe someday I will make a contrib that would let you update this from the web administration panel.  But until that time it is manual.

Mark

Offline jibe

Re: [WORKAROUND] PHP upload and ibays
« Reply #23 on: August 24, 2014, 12:24:05 AM »
Hi,

Thanks for your explanation, Sparkey.

What I see is that you installed 2 contribs and finished with a script, when I just use a script without need of any contrib  :lol: :P  ;-)

Just joking : I never used those contribs and don't know them, but probably your solution is more secure than mine.

Offline janet

Re: [WORKAROUND] PHP upload and ibays
« Reply #24 on: August 24, 2014, 07:32:15 AM »
jibe

Webshare can be installed to an ibay (rather than /opt) & configured to allows users to have samba access to the files, as well as web access to upload & download files, & it authenticates against sme users,
see
http://wiki.contribs.org/Webshare#Using_with_ibays_.26_SME_users

Offline Sparkey

Re: [WORKAROUND] PHP upload and ibays
« Reply #25 on: August 27, 2014, 04:05:20 PM »
Quote
Hi,

Thanks for your explanation, Sparkey.

What I see is that you installed 2 contribs and finished with a script, when I just use a script without need of any contrib  :lol: :P  ;-)

Just joking : I never used those contribs and don't know them, but probably your solution is more secure than mine.

FWIW, I'm sure there are many ways to accomplish what I did.  Since I needed each customer to have their own access/data area, I felt the contribs I used were the easiest way for me.  Plus it allows me to easily disable or change access ID's and passwords for remote users.