FreeNAS as configuration backup; isolate customers

Status
Not open for further replies.

hvdkooij

Cadet
Joined
Sep 16, 2014
Messages
4
I was looking at whether or not FreeNAS will fit the bill.

We are looking for a solution on which we can create customer accounts. These accounts can only use SCP and ftp(s) to store configuration backups. These customers may not see the other customers. They must have no way of even knowing which other customers are using this backup.

We also have engineers that may need to access the customers' configuration and download whatever they need. This might also be done through fileshares or something else.

Is this easy to set up with FreeNAS? I did do a simple test setup in a VM just to test the concept. But I guess I might just not get the concepts right as I could not build something like that.
 

dlavigne

Guest
For the customers, you could use either an FTP chroot or an SFTP chroot, both of which are described in the User Guide.
 

hvdkooij

Cadet
Joined
Sep 16, 2014
Messages
4
Right. I read through the sections. The issue with chroot is puzzling me. To the best of my knowledge if any client is able to break chroot then the server is to blame.
But it seems I must use 1 account for SCPONLY, 1 account for SFTP and 1 account for FTP for just 1 customer. Is that correct?
Like:
customer1-ftp
customer1-scp
customer1-sftp
 

dlavigne

Guest
No, you only need one account per user and typically you are creating a dataset and using that as the share/homedir for that user. But you need to decide how the user will access their data. If the user's shell is scponly, that is all they can do. Otherwise, determine if the user will be using ssh or ftp to access their files and set up that chroot.
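
For the SFTP chroot case mentioned above, an added example (not part of the thread or of FreeNAS) that lints sshd_config text for a confined customer group. The group name `customers`, the choice of required directives and both sample configs are assumptions constructed for illustration.

```python
# Added example: check that a Match Group block confines SFTP-only customers.
# Group name and sample configs are constructed, not taken from the thread.

REQUIRED = {
    "chrootdirectory": lambda v: v.lower() != "none" and v.startswith(("/", "%h")),
    "forcecommand": lambda v: v.split()[:1] == ["internal-sftp"],
    "allowtcpforwarding": lambda v: v.lower() == "no",
}

def match_blocks(config_text):
    """Return [(criteria, settings)] for every Match block in the text."""
    blocks, current = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            tok = value.split()
            criteria = {tok[i].lower(): tok[i + 1] for i in range(0, len(tok) - 1, 2)}
            current = (criteria, {})
            blocks.append(current)
        elif current is not None:
            current[1].setdefault(key, value)  # sshd keeps the first value it sees
    return blocks

def audit_group(config_text, group):
    """Return findings; an empty list means the group's block looks confined."""
    merged = {}
    hits = [s for c, s in match_blocks(config_text)
            if group in c.get("group", "").split(",")]
    if not hits:
        return [f"no Match Group block covers '{group}'"]
    for settings in hits:
        for k, v in settings.items():
            merged.setdefault(k, v)
    findings = []
    for key, ok in REQUIRED.items():
        if key not in merged:
            findings.append(f"{key}: not set for group")
        elif not ok(merged[key]):
            findings.append(f"{key}: weak value '{merged[key]}'")
    return findings

WEAK = "Subsystem sftp internal-sftp\nMatch Group customers\n  ForceCommand internal-sftp\n"
HARDENED = WEAK + "  ChrootDirectory %h\n  AllowTcpForwarding no\n"

if __name__ == "__main__":
    print(audit_group(WEAK, "customers"))
    print(audit_group(HARDENED, "customers"))
```

sshd also refuses a ChrootDirectory whose path components are not root-owned or are writable by group or others, so each customer's writable area has to be a subdirectory inside the chroot.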
 

hvdkooij

Cadet
Joined
Sep 16, 2014
Messages
4
The issue is that we have customers that use scp from their firewall and ftp from other devices.
How do we handle that? Multiple accounts with the same UID?
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
You do one account per human being (yes, you can do more but that adds even more complexity). But you must set up permissions as appropriate.
 