Seeking FTP setup documentation or paid remote assistance

[SweetAndLow]

User home directory are under the user settings. Users->view user

http://doc.freenas.org/9.3/freenas_account.html#users

 

[mudshark]

With the settings as below users can still navigate out of their own FTP folder to see everything in all other datasets.
At this point we believe whatever is wrong must then be discernible from the info below (but I still do not see how to change folder permissions here).

1- FTUusers dataset permissions are: Owner: root, Group: ftp
2- Users' home directory permissions are set under "Modify User".

My test ftp user settings are:
---------------------------
UserID: richieftp
User primary group= ftp
(Tried a couple of different SHELLs, no difference)
Home Directory: /mnt/RAID10/FTPusers/richieftp
No aux groups selected
No other checkboxes checked except for the permissions
Note: I even tried unchecking all HOME DIRECTORY MODE checkboxes except for those under OWNER but the GROUP + OTHER checkmarks come back.

 

[SweetAndLow]

Remove all permissions for group and other.

 

[mudshark]

As noted above: I unchecked all HOME DIRECTORY MODE checkboxes except for those under OWNER.
After clicking Modify user the GROUP + OTHER checkmarks just come back.

 

[SweetAndLow]

That might be a bug then. You should be able to modify them. Looks like you will need to lean some command line stuff. It's always good to know a little bit.

 

[mudshark]

It's always good to know a little [cli].

Agreed. but for now...

I want to see what would happen if I created another user, but this time during initial acct creation uncheck all the permission check-boxes under GROUP + OTHER (check all 3 OWNER check-boxes, of course) and start them off that way.

THAT worked only in as much as the permissions setting checkboxes all stay the way it was intended.

Naturally, the issue where a user can SFTP into the server and still navigate throughout the different datasets, even those outside the FTP datasets, remains.

 

[SweetAndLow]

Remove group or other read from everything you don't want ftp users to have access to. If item has group ftp then remove group read. If item didn't have group ftp then remove other read permissions. Are you seeing the pattern here?

 

[mudshark]

Remove group or other read from everything you don't want ftp users to have access to.

I cannot be correctly understanding what you're saying here... I am definitely missing the pattern!

We have already established that no dataset (other than FTPusers dataset) has the ftp group permissions. (Haven't we?) The other datasets are all owned by root and group= "samba_users". Only the ftp users ought to have access to the FTP dataset since that's the only dataset that has ftp usergroup ownership... The ftp group is found nowhere else but the ftp dataset.
I am flummoxed!
You sure do know what you're talking about so I know it's me... But I can't be doing anything so different as anyone else who has tried to add FTP services to a server. I am following all the steps, etc. Are you sure you don't want to remote in and make a couple of bucks while we figure this out together?

 

[SweetAndLow]

I need to test some things out then get back to you.