Seeking FTP setup documentation or paid remote assistance

[mudshark]

Hey folks
Seeking FTP setup documentation. Is there a step-by-step for FTP setup anywhere?
I have a running FreeNAS server with CIFS shares running well and now I want to add FTP users.

I need to know what is required under Groups, Users, Sharing, Storage, etc. and in what order these items ought to be completed in.

* Groups - I've created a group: ftp-users
* Users - None created yet. I assume they'll have to be member of "ftp-users".
* Sharing - Create a single FTP share under NFS I assume? Should this be a "HOME" directory for users' sub folders?
* Storage - Create a separate dataset for these users' folders?
* Where do I define what folder they will be directed to on login?

The FreeNAS 9.3 User Guide has a section on the FTP service which I have gone over.
Completed those steps and enabled the service but obviously that's not all there is to getting FTP working for users.

Looked at the User Guide under Sharing, Groups, & Users but nothing specifically instructs how to add FTP users.

If no FTP setup guide exists anyone wanna make a couple of bucks guiding me thru it?

Thanks all.

 

[Darren Myers]

I asked @cyberjock this very question, and i read some other threads that mixing FTP + CIFS shares is not a good idea due to the varying permissions and it is best to make a dedicated dataset for any FTP shares/data.

Hopefully i got all that right, otherwise im sure someone will correct me :P

 

[mudshark]

Well that's fine. The same as my WebDAV data set is not my CIFS datasets, the FTP storage area can certainly be it's own dataset too. No?

 

[Robert Trevellyan]

the FTP storage area can certainly be it's own dataset too. No?

Yes.

So just curious, why FTP and not SFTP? Because with SFTP, all you need to do is set up individual users and give each of them a home folder and SSH access. It was only sometime in the last year that I finally realized FTP is completely pointless when you have SSH, because SFTP is built into SSH.

 

[mudshark]

Ok fine, Sftp. Works for me... I do have to wonder if users are able to do Sftp w/ no more effort than ftp or else my life becomes serving them! :O

 

[Robert Trevellyan]

I do have to wonder if users are able to do Sftp w/ no more effort than ftp or else my life becomes serving them! :O

If you're using an FTP client (e.g. FileZilla) then SFTP is no harder than FTP, plus it's more secure. It seems a more reliable too, presumably because it's more standardized.

 

[mudshark]

SFTP vs FTP is not really what I'm asking.

I am seeking guidance either
1- by way of a document that details all factors to getting users SFTP access OR
2- someone to personally help me remotely for money. ($50 sounds fair.)

 

[Robert Trevellyan]

by way of a document that details all factors to getting users SFTP access OR

All you need to do is learn how to give a user SSH access and you've automatically given them SFTP access. This isn't FreeNAS issue, it's just standard system administration for multiple users. There's plenty of information online about working with SSH, regardless of the platform. To put it simply:

1. Decide on what kind of home folder structure makes sense for you, and what kind of user group structure makes sense for you.
2. Create any necessary datasets for #1 in the FreeNAS GUI. For example, you might decide to have one dataset for all users, or one each.
3. Create the users and group(s) in the FreeNAS GUI, with a suitable home folder for each user.
4. Enable the SSH service in the FreeNAS GUI.
5. Choose the SSH service options that meet your needs, e.g. password login enabled vs only key-based authentication.
6. Set each user up with a suitable SFTP client.

 

[mudshark]

Ok! Thanks to you (and your above notes) I have a "working" SFTP running. Working is in quotes as there is something wrong with the way it works...
I log in via an SFTP client and end up in my home directory (so far so good), but from there I am able to navigate UP out of my home directory and into the parent folder! I also see a number of what should be hidden system files in the user's home folder.

Question 1: How do we restrict users to their home folders?
Question 2: How do we hide 'hidden' files?
Thanks

 

[Robert Trevellyan]

1. Ownership and permissions, and potentially chroot if necessary.
2. Simplest is probably to set suitable filters in the SFTP client. I don't know which clients can do this, but FileZilla definitely can.

 

[SweetAndLow]

What system files do you meant? Users have some default cofig files in their directory but those are for the user not system.

 

[mudshark]

I have zero control over the clients (FileZilla or whatever the customer has), so whatever needs to be done must be done on this side.
The files that users see in their folder all begin with a "." (means hidden?). File examples are: .cshrc, .login, .login_conf, etc.
If these are unimportant files and can be deleted w/o concern then I'm OK with sloppy, delete-happy customers seeing them.
So I'll need help with "Ownership and permissions, and potentially chroot if necessary".

At present the FTP dataset is "owned" by root, group ownership is "ftp".
I do not know how to find users' home folders to check their ownership there.

 

[SweetAndLow]

the .cshrc, .login, .etc can all be deleted and it shouldn't hurt anything. They are config files for the users session, shell and environment. Most people would want to keep these around for when you ssh into the box. But if you don't ssh into the box then you don't really need them.

If you don't want users to see other users home directories set the permissions to the FTP dataset and all home directories to be 700.

 

[mudshark]

OK, to set the permissions to the FTP dataset and all home directories to be 700, I...

Highlight the FTP dataset
Click the "Change Permissions" button.
and... [something goes here]
then check "Set permission recursively"
and Save.

 

[SweetAndLow]

no you probably don't want to do that. If you do that everything will be owned by root and have a group of ftp. You want the ftp dataset owned by root:ftp and then all users home directories owned by their user and have a group of ftp. To do that you will need to use the cli or you can modify the user in the freenas gui and change the permissions on their home directory.

 

[mudshark]

To do that you will need to use the cli or you can modify the user in the freenas gui and change the permissions on their home directory.

You are teaching me quite a bit and it is very appreciated.
I don't know what the "CLI" is and I don't know how to get to the permissions screens for users' folders.
I can get to the FTP dataset where the users' folders reside but the individual folders, no. Where can they be found?
Perhaps I should have 1st created a UNIX share in "Sharing" for FTP users' home folders???

 

[SweetAndLow]

Cli stands for command line interface. No need to create a UNIX share, you just need a folder or dataset to share via ftp.

 

[mudshark]

I need to alter each user's home folder permissions (those folders located under the FTP dataset).
Makes sense, and if I had GUI access to any user home folders I'd have done that already :).
The trouble is (if I understand the above), the only way to get to the users' home folders is via the CLI (no GUI access).
Being that I am not familiar with any CLI instructions perhaps each user can get there own dataset, which I do have GUI access to...

 

[SweetAndLow]

Home directory permissions can be changed under the user settings for each use in the GUI. I mentioned this before also.

 

[mudshark]

You did and I'm sure you're right, so there is a mis-fire on my side somewhere... I'm missing something.
Here is a screen shot of my datasets. I do not see how to get to the users' home directories under the FTPusers dataset.