FTP service configuration

[yesyes]

Hi. I'm new to FreeNAS. I'm running FreeNAS-9.3-STABLE-201502162250 in a VM on ESXi 5.5. (I've seen the thread that says don't run FreeNAS in a VM in production but I'm willing to take the risks explained there as this is just my "network hard drive" at home.)

I've got 2 mirrored SATA 2TB HDDs on an Adaptec RAID card. These contain a 1.5TB VMware virtual disk which I have then configured as a disk in FreeNAS. On that disk I created 2 volumes (I could have sworn that they were called datasets when I created them, but now I only see them under volumes). Each dataset is configured as a CIFS share.

I don't have an AD server / domain controller so I created users and groups locally on FreeNAS. I have created 3 users and 2 groups. Each of the 2 CIFS shares has its own group. The idea was to later just assign groups to individual users in order to give these users access to the shares individually.

So far this all seems to work fine.

However, now I also want to configure FTP access. This is where I struggle. What I want to achieve is teh same level of access as for the CIFS shares. So user A only has access to share 1. He connects via FTP and is only supposed to have access to the folder that share 1 is located in (and everything underneath). User B (me, the admin) has access to both shares. When that user connects via FTP he should have access to both shares. And User C should only have access to share 2.

I've had this working like this on my old Buffalo Linkstation which I'm now replacing with FreeNAS.

So far I only managed to either give FTP access to everything (the whole file system of the FreeNAS machine) or each user was only able to access their own home folder ("always chroot" option enabled) without being able to share files among different users.

Is what I want to achieve possible to configure on FreeNAS?

 

[dlavigne]

Did you find a solution for this?

 

[yesyes]

I'm afraid not (yet). I was just about to bump up the thread and ask if the silence meant it can't be done. ;-)

 

[dlavigne]

I don't think this can be done from one share, though others may know more.

 

[yesyes]

It's 2 shares in my case. One user/group should have access to one share and the other user (me)/group access to both shares. Even if it would only work with one group per one share, that would be OK with me. I could just create another user and log in differently per share.
But I can't find a way to give one user/group access to a certain share / folder. As far as I can see it's either the whole file system or only that user's home folder.

 

[yesyes]

Maybe I should explain what exactly I'm trying to achieve. Maybe there's another way with something other than FTP.

I need to have 2 shares. One with our private files to which my wife and I need to have access from our desktop computers at home (both Windows 7). I also want access to these files from remote (for example at work).

Then there is another share where a friend and I place files related to projects we are working on together. I (but not my wife) need to have access to these files from my desktop PC and from remote. Also, my friend needs to be able to up/download files to/from there remotely.

Local access to these 2 shares works fine (CIFS shares) but I need some solution for the remote access.

 

[cyberjock]

I will tell you trying to use the same files in CIFS AND FTP at the same time is hard. proftpd uses the Unix permissions, and CIFS uses the ACLs. To use CIFS share safely your dataset should be set to the Windows ACLs mode, which means that Unix permissions get kind of broken and screwed up. If you do the opposite then you break CIFS.

The short and simple is to use CIFS or FTP. Don't try to mix them as it doesn't end well. I was a bit disappointed when I figured this out (I tried to do CIFS and FTP myself) and it just won't go well. If you are doing read-only FTP, you can *sometimes* get away with this. Some clients will do writes even when just traversing directories, so that can create problems (I'm talk to you Filezilla!).

 

[yesyes]

I just wanted to update this thread with my "solution".
I've changed to OpenMediaVault where this is very easy to configure exactly the way I wanted to.

Sorry, it's probably not what you wanted to hear, but it does what I want.

 

[yesyes]

As for cyberjock's comment, thanks for that. I didn't know. I should be safe in my case as I will only ever use FTP when I'm not home (and therefore not access my files through the CIFS share). So I won't be using FTP and CIFS at the same time for the same file. But I will keep this in mind.

Does this only apply to FreeNAS or is this a general no-no?

 

[Ericloewe]

As for cyberjock's comment, thanks for that. I didn't know. I should be safe in my case as I will only ever use FTP when I'm not home (and therefore not access my files through the CIFS share). So I won't be using FTP and CIFS at the same time for the same file. But I will keep this in mind.

Does this only apply to FreeNAS or is this a general no-no?

It's a general issue, unless someone has written a magical translation layers that unifies all sharing protocols' permissions.