Koozali.org: home of the SME Server

Setting up an I-bay for an outside user

Offline JRBATM20192021

  • ***
  • 111
  • +0/-0
Setting up an I-bay for an outside user
« on: June 15, 2021, 01:58:10 AM »
Hi,

I am trying to setup an I-bay that a user can login and upload to it. I have setup the I-bay and I can login into it as if I am the other user. I can upload from the admin side to the I-bay folder however I can not upload to the I-bay folder from the User Side. What settings do I need to have so I can accomplish that?

If you need anymore information on what I am doing and what settings I have now let me know.

Thanks.

Offline Jean-Philippe Pialasse

  • *
  • 2,745
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #1 on: June 15, 2021, 05:41:04 AM »
maie a dedicated group for this user

set the ibay for write and read by the group

choose your preferred way to access to the ibay
-sftp
-scp
-ftp over tls
-nextcloud
-phpwebftp
- vpn plus samba

Offline JRBATM20192021

  • ***
  • 111
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #2 on: June 16, 2021, 08:03:08 AM »
Hi,

Thank you for your response that helped.

Okay another question

Is there a way to when you login as a user like lets say you login in as John and you type the password for john that you will be directed right to the I-bay that john uses and the user John won't see the other I-bay's on the server?

Thanks.

Offline Jean-Philippe Pialasse

  • *
  • 2,745
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #3 on: June 16, 2021, 08:37:28 AM »
First
using the right permission your user will not have access to anything he is not supposed to.

second what you seems to ask is chroot.  Currently your are able to chroot a user in ftp using remoteaccess contrib.
If you are not using sme10 pay attention that ftp is not using tls and password and traffic are not encrypted using ftp.  starting sme10 default is to use tls.

if you choose nextcloud contrib, access to the ibay will be easy using the gui.

if you need scp or sftp see bug https://bugs.koozali.org/show_bug.cgi?id=3178
if you only want one ibay, it can be achieved with a few modifications : template custom and a cron to make sure /home/e-smith/ is root owned. 

Offline JRBATM20192021

  • ***
  • 111
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #4 on: June 21, 2021, 11:11:54 AM »
Okay I think I am real close I just have some permissions not set right.

I have the I-bay Named John for example

I want the user to be able to login to the I-bay John directly to Files because I don't want to have to have them navigate through all of the other I-bays to upload there files.

So When I login directly to the I-bay John using the Username John and entering the password for the I-bay on the remote side I know it takes me directly to files and if I upload a file to the I-bay john in files on the admin side I can see it on the remote side but I can't upload to the I-bay John on the Remote side I get this error 550 operation not permitted.

What do I need to change so I can upload to the I-bay "john" on the remote side?

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Setting up an I-bay for an outside user
« Reply #5 on: June 21, 2021, 11:46:35 AM »
Okay I think I am real close I just have some permissions not set right.

First, you should not really be trying to set permissions by hand. They are likely to be overridden but the system.

second what you seems to ask is chroot.

Are you using some sort of chroot method as Jean Philippe suggested? If you not you will not achieve what you want with just permissions. It is more complex than that.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Jean-Philippe Pialasse

  • *
  • 2,745
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #6 on: June 22, 2021, 01:14:57 AM »
Also before we can help we need to know which protocol you are trying to use


by the way in my suggestion i forgot an option : webdav over https. with the right settings user will be directed to html only him will have access and he could upload and download to the folder. 

Offline JRBATM20192021

  • ***
  • 111
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #7 on: June 22, 2021, 10:57:28 AM »
Okay so I am using FTP to access the I-bay however I am not sure if I am using TLS or not.

I set the I-bay for write and read by group

I don't have the option on my side to pick between these options

-sftp
-scp
-ftp over tls
-nextcloud
-phpwebftp
- vpn plus samba

All I have is this

Execution of dynamic content CGI PHP SSI Disabled

Force secure connections Disabled.

Also with webdav over https how would I start with setting that up? Because that sounds like the way I want to go.

Offline Jean-Philippe Pialasse

  • *
  • 2,745
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #8 on: June 22, 2021, 12:18:44 PM »
sme 9 or sme 10?


only acceptable answer is sme 10 ;)

see https://wiki.koozali.org/Mod_dav

and for configuration using server manager https://wiki.koozali.org/Webhosting
« Last Edit: June 22, 2021, 12:22:08 PM by Jean-Philippe Pialasse »

Offline JRBATM20192021

  • ***
  • 111
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #9 on: June 24, 2021, 08:22:59 AM »
hahaha the answer was SME 8 will be SME 10 the correct answer soon :) I'm hoping upgrading will resolve some of the issues I am having. What are the main issues with SME 10 is it pretty much cut and dry like SME 8 or does it have some issues??

Thanks.

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: Setting up an I-bay for an outside user
« Reply #10 on: June 24, 2021, 09:25:38 AM »
It was released, there are no issues :-)

Only way to find out is use it, if able a test sytem to do a test migration to helps enormousely. Many are now rolling it out in prod environmenst, a few little glitches picked up and resolved. See the forum section

Others may want to expand. Just remeber the underlying base RH/CentOS has moved a long way from how and what they provided to sme8/9.

Enjoy
« Last Edit: June 24, 2021, 09:27:34 AM by TerryF »
--
qui scribit bis legit

Offline Jean-Philippe Pialasse

  • *
  • 2,745
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #11 on: June 24, 2021, 03:15:55 PM »
dav contribs was not as much evolved on sme8 as it is on sme10.

you are at risk for a few years now with sme8 without any security patch. You should upgrade without delay, and then focus on your present issue as it will be easier to fix.


SME 10 has all the fixes SME 9 had over SME 8 and more fixes.
of course some issues may persists but have more chance to be fixed than they will be on SME 8 ;)



Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Setting up an I-bay for an outside user
« Reply #12 on: June 24, 2021, 07:09:29 PM »
but have more chance to be fixed than they will be on SME 8 ;).

V8?
Probability = 0

:lol:
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline JRBATM20192021

  • ***
  • 111
  • +0/-0
Re: Setting up an I-bay for an outside user
« Reply #13 on: June 25, 2021, 11:03:57 AM »
Okay all upgraded now.

I can't make WS_FTP work with 10 it errors 550 ssl/tls Required on the control channel

Filazilla will only work on one machine it says 550 ssl/tls Required on the control channel for any other machine when trying to connect to the server.

Are there more settings I need to "enable" other than the obvious ones so I can access the server via FTP?

Server-manager works perfect by the way.

Thanks

Offline Jean-Philippe Pialasse

  • *
  • 2,745
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Setting up an I-bay for an outside user
« Reply #14 on: June 25, 2021, 04:03:50 PM »
you need to enable on the client ssl/tls.
filezila is capable. 


further more you need tls 1.2 or 1.3.