Koozali.org: home of the SME Server

Disable file sharing for an ibay

Offline grimblefritz

Disable file sharing for an ibay
« on: January 30, 2020, 09:56:05 PM »
I have several ibays, each running websites for different groups of users. None of the file sharing (FTP, CIFS/SMB, etc) are of any use to us. Personally, I don't really care that they are there; however, the (Windows) network admin would like the shares for the ibays to "go away".

As the server manager interface provides no option to disable FTP separately from HTTP, nor to disable CIFS/SMB, what would be the 'custom' way to accomplish this? I understand the custom templates, adding custom keys to the db, etc., but in terms of what I'd need to actually change/add -- out of my depth.

I wish this was an option in the I-bays Web Hosting contrib. Something like "SMB File Sharing [on/off]" and "FTP File Sharing [on/off]". But, absent that...

I need help.

Thanks!

Offline TerryF

--
qui scribit bis legit

Offline janet

Re: Disable file sharing for an ibay
« Reply #2 on: January 31, 2020, 03:55:16 AM »
grimblefritz

Alternatively.....

Fundamental server management concepts are to make use of Groups. All ibays should be owned by a Group. Any local Users added to the SME server will not be able to access ibays (files) unless they are members of the Group that owns the ibay.
This is separate access to web access.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline mmccarn

Re: Disable file sharing for an ibay
« Reply #3 on: January 31, 2020, 12:35:53 PM »
This should completely disable samba and ftp on your server:
Code:
# /var/service/smbd/run
# * sets smbd status to disabled
# * shuts down smbd
# * if the status for 'smb' is disabled
# likewise, /var/service/nmbd/run
# * sets nmbd status to disabled
# * shuts down nmbd
# * if the status for 'smb' is disabled
config setprop smb status disabled
sv t smbd
sv t nmbd

To re-enable:
Code:
# restore status=enabled to the 3 affected db settings
config setprop smb status enabled
config setprop smbd status enabled
config setprop nmbd status enabled
#
# and bring the services back up
sv u smbd
sv u nmbd

I'm still working on a simple way to disable ftp.

[edit]
I didn't find an easy way to completely disable FTP, but you can reconfigure the firewall to block all FTP connections
(I suspect that setting the ftp status to disabled, then doing reconfigure and reboot would work -- but I don't want to reboot my server at the moment...)

Code:
config setprop ftp AllowHosts 127.0.0.1
signal-event remoteaccess-update

Restore FTP access using:
Code:
config delprop ftp AllowHosts
signal-event remoteaccess-update
« Last Edit: January 31, 2020, 12:51:21 PM by mmccarn »
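
A check for the two settings used in the reply above, as an added example that is not part of the original thread: it reads configuration db records and reports whether `smb` is disabled and FTP is restricted to 127.0.0.1. The function names `get_prop` and `audit_sharing` are hypothetical, the sample records are constructed, and the record layout (a `key=type` line followed by indented `Prop=value` lines, as printed by `config show <key>`) is an assumption.

```shell
#!/bin/sh
# Added example: audit e-smith config db records for the two settings above.
# Assumed input format (as printed by `config show <key>`):
#   key=type
#       Prop=value

# get_prop KEY PROP: read records on stdin, print the property value (or nothing).
get_prop() {
    awk -v key="$1" -v prop="$2" '
        /^[^ \t]/ { split($0, a, "="); cur = a[1]; next }  # record header line
        cur == key {
            line = $0
            sub(/^[ \t]+/, "", line)
            i = index(line, "=")
            if (i && substr(line, 1, i - 1) == prop) { print substr(line, i + 1); exit }
        }'
}

# audit_sharing DUMP: one finding per line; returns 1 if SMB or FTP is still exposed.
audit_sharing() {
    dump=$1
    rc=0
    smb=$(printf '%s\n' "$dump" | get_prop smb status)
    allow=$(printf '%s\n' "$dump" | get_prop ftp AllowHosts)
    if [ "$smb" = "disabled" ]; then echo "OK   smb status=disabled"
    else echo "FAIL smb status=${smb:-unset}"; rc=1; fi
    if [ "$allow" = "127.0.0.1" ]; then echo "OK   ftp AllowHosts=127.0.0.1"
    else echo "FAIL ftp AllowHosts=${allow:-unset} (firewall not restricted)"; rc=1; fi
    return $rc
}

# Constructed sample records, not taken from a real server.
SAMPLE_OPEN='smb=service
    ServerName=constructed
    status=enabled
ftp=service
    TCPPort=21
    status=enabled'
SAMPLE_LOCKED='smb=service
    ServerName=constructed
    status=disabled
ftp=service
    AllowHosts=127.0.0.1
    TCPPort=21
    status=enabled'

# On a live server: audit_sharing "$(config show smb; config show ftp)"
```
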

Offline grimblefritz

Re: Disable file sharing for an ibay
« Reply #4 on: February 01, 2020, 04:00:38 AM »
Hi all,

Thanks for the replies. I guess I was not clear enough in my post. I don't want to completely disable FTP and Samba. I don't need to refine the access controls. And the existing ibay attributes are not sufficient for what I desire.

The network admin, who deals primarily with the Windows systems, doesn't want the ibays to have FTP or (especially) SMB shares. It creates extra work for him (i.e., "Where did these shares come from?" or "Why can't I access this share?" and so forth).

So, what I wanted was to 1) create an ibay, 2) disable FTP/SMB for the ibay (leaving the other avenues to FTP/SMB intact.)

Anyway, I have found a solution and have it integrated into the web hosting admin panel. A little more testing and then I will post the solution. Perhaps Stephdl would consider formally adding it to the webhosting contrib. I'll pose that question once I'm sure it's solid.

Thanks!

Offline Jean-Philippe Pialasse

Re: Disable file sharing for an ibay
« Reply #5 on: February 01, 2020, 05:15:14 AM »
I believe what you are asking is not ibays but sharefolders https://wiki.contribs.org/SharedFolders#Features

Offline grimblefritz

Re: Disable file sharing for an ibay
« Reply #6 on: February 01, 2020, 02:43:47 PM »
I had already investigated SharedFolders. It was close, but not right for what I want/need.

Offline Jean-Philippe Pialasse

Re: Disable file sharing for an ibay
« Reply #7 on: February 01, 2020, 06:54:33 PM »
Quote
I had already investigated SharedFolders. It was close, but not right for what I want/need.

What was missing? It allows deactivating samba per share.

Offline stephdl

Re: Disable file sharing for an ibay
« Reply #8 on: February 01, 2020, 07:38:15 PM »
Hi mates

Please could you make a pull request under

https://github.com/stephdl/smeserver-webhosting/tree/sme9
See http://wiki.contribs.org/Koozali_Foundation
irc : Freenode #sme_server #sme-fr

!!! Please write your knowledge to the Wiki !!!

Offline Jean-Philippe Pialasse

Re: Disable file sharing for an ibay
« Reply #9 on: February 01, 2020, 11:14:44 PM »
Quote
Hi mates

Please could you make a pull request under

https://github.com/stephdl/smeserver-webhosting/tree/sme9

Nice to see you around!

Offline grimblefritz

Re: Disable file sharing for an ibay
« Reply #10 on: February 02, 2020, 02:43:48 PM »
Quote
What was missing?

Not a matter of missing, just not quite right.

We're already using the webhosting contrib.

Ibays generally work fine for us.

Except that the guy responsible for the network doesn't want "stray" services showing up (when our primary - but not only - use of ibays is for virtual web hosts.) Ergo, the requests to "turn off" SMB and FTP. Which can't be done at the service level, because we do offer both from SME, so it is only for select ibays where they need to be disabled.

And, as I am the one responsible for SME Server, I didn't want yet another contrib. (That's perhaps arbitrary, but I've wished for twenty years that contribs that have a "core" usefulness would more quickly find their way into core packages.)

So, in those terms - not wrong or inadequate, just not quite right. And to my last point above, SharedFolders overlaps the webhosting contrib as well as the stock ibay feature. Both contribs, along with the SCLs for PHP and MySQL, and probably others, should have (imho) long ago been made part of the stock ibay panel. Instead, there are at least six panels/contribs that overlap and provide "pieces" of what (again, imho) should be a single panel.

Completely aside, but I find, in this area, the Nethserver project does a much better job of absorbing and integrating community efforts; however, that's also the reason I find NS to be less coherent than SME. Nothing is absolutely free of cost or consequence :) There is something to be said for and against the glacial advancement of SME, just as the more rapid advance of NS has its pros and cons. Maybe someday the two communities will get over their divide and focus on providing a single, better solution. (I think some personalities won't/don't favor that, though.)

Anyway, I thought I should give you a more thorough explanation vis-a-vis SharedFolders.

Offline Jean-Philippe Pialasse

Re: Disable file sharing for an ibay
« Reply #11 on: February 02, 2020, 06:23:17 PM »
Thanks for taking the time.
So from what I understand, it is much more not wanting one more system doing the same thing that makes it not quite right.

I understand your point of view about pages added to configure more elements of the core things, but this is a limitation of the current old manager, which we are looking to override with the next manager, having hooks to put new elements from a contrib at the right spot.

In the meantime, as you point out, not having everything on the panel for everyone allows us to keep it simple and stupid for most users. But I hear you and I have the same point of view.

Looking forward to seeing your work.


Offline ReetP

Re: Disable file sharing for an ibay
« Reply #12 on: February 02, 2020, 07:24:17 PM »
Quote
And, as I am the one responsible for SME Server, I didn't want yet another contrib. (That's perhaps arbitrary, but I've wished for twenty years that contribs that have a "core" usefulness would more quickly find their way into core packages.)

What may be of vital importance to you might not be to another. So how do you decide which to add?
That also adds a lot of development and maintenance overhead.

We already have more code than we can really cope with, without adding to it.

What is also odd is that you have been using SME for '20 years' but have never said anything before. The stuff that generally does get done is by those who join in and make it happen.

Quote
So, in those terms - not wrong or inadequate, just not quite right. And to my last point above, SharedFolders overlaps the webhosting contrib as well as the stock ibay feature. Both contribs, along with the SCLs for PHP and MySQL, and probably others, should have (imho) long ago been made part of the stock ibay panel. Instead, there are at least six panels/contribs that overlap and provide "pieces" of what (again, imho) should be a single panel.

The whole area is massive and has been added to piecemeal over the years as things have progressed, e.g. SCL wasn't there when we released v9. People have added bits to help as they saw the need. Again - see above. Those who contribute also direct. That is the nature of open source.

Jean-Philippe is trying to sort some of this out currently. Come and talk to us about it on our Rocket.Chat instance and tell us what you can do to help.

Quote
Completely aside, but I find, in this area, the Nethserver project does a much better job of absorbing and integrating community efforts; however, that's also the reason I find NS to be less coherent than SME. Nothing is absolutely free of cost or consequence :) There is something to be said for and against the glacial advancement of SME, just as the more rapid advance of NS has its pros and cons. Maybe someday the two communities will get over their divide and focus on providing a single, better solution. (I think some personalities won't/don't favor that, though.)

Just to correct you on this.

I spent most of a long weekend at FOSDEM discussing this at length with Filippo years back. In simple terms they had decided on a more commercial direction, and they did not want to merge back. It was not for want of trying on my part. NS is really just a teaser to get you into buying their other products and services. Those of us still here have a different philosophy.

You pay your money and you take your choices.

The systems are pretty different now and there is no real way to merge them - not without a huge amount of effort which probably is not worthwhile.

Quote
Anyway, I have found a solution and have it integrated into the web hosting admin panel. A little more testing and then I will post the solution. Perhaps Stephdl would consider formally adding it to the webhosting contrib. I'll pose that question once I'm sure it's solid.

That is the best way to put something in to SME. Contribute some code.

Amazingly Stephane turns up !!! You might be lucky and get it accepted....
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline ReetP

Re: Disable file sharing for an ibay
« Reply #13 on: February 02, 2020, 07:25:25 PM »
Quote
Hi mates

Please could you make a pull request under

https://github.com/stephdl/smeserver-webhosting/tree/sme9


Hi mate!!!

OMG - how the hell are you????

Nice to see your smiling face!!!! Hope you and the family are well? Coming through Valencia this year?

Offline stephdl

Re: Disable file sharing for an ibay
« Reply #14 on: February 03, 2020, 07:39:30 PM »
hello reetp

Yes we have one week to take in February (week8) but I do not know where we go

Offline ReetP

Re: Disable file sharing for an ibay
« Reply #15 on: February 03, 2020, 08:06:59 PM »
Quote
Yes we have one week to take in February (week8) but I do not know where we go

Let me know. My turn to buy beer. :pint:

Offline TerryF

Re: Disable file sharing for an ibay
« Reply #16 on: February 03, 2020, 10:19:23 PM »
Quote
Yes we have one week to take in February (week8) but I do not know where we go

G'day mate :-) just saying we are desperate for visitors to tourist areas that have had their holiday seasons wiped out from the fires, it's safe :-) I do understand it might be a bit far though :-) nice to read you..