A Flexshare is a flexible and secure collaboration utility which integrates three of the most common methods of accessing files or content:
File Shares (Samba)
It is an extremely powerful and versatile tool that has many uses. The example below (a hypothetical engineering consulting firm Eng-123 and its client OEM-XYZ) describes a Flexshare and a typical working environment.
A Flexshare might be defined on a server owned by Eng-123 after successfully bidding on an engineering project for OEM-XYZ. CAD files (engineering drawings) associated with the project's design are centrally located on the server and should be accessed only by the users included in Eng-12's engineering group. The file-sharing (Samba) Flexshare definition is used to allow restricted access to this directory from the Local Area Network (LAN) or over Virtual Private Network (VPN) tunnels in the event engineers work remotely.
By adding Flexshare's FTPS (secure FTP) access and configured to require a username/password for read-only permission, the project manager of OEM-XYZ can have access to the drawings at any time from anywhere on the Internet. The increase in productivity by allowing real-time access to the CAD drawings keeps the project on track and negates having to e-mail CAD files which are often large and not ideal for e-mail transfers.
Nearing the completion of the project, OEM-XYZ's sales/marketing team make a request to have an assortment of images created from the CAD software's rendering engine from 3D wire-frame. Flexshare's web access, set-up with unrestricted access, gives the sales team the images they need to begin pre-selling - with just a browser and a URL provided.
The above illustrates just one possible use of Flexshares. Much simpler Flexshare's can be created for every-day tasks common to any small business such as hosting and updating a website or creating user-restricted file shares.
If your system does not have this app available, you can install it via the Marketplace.
You will also need to install one or more of the following apps to enable file share functionality:
For those of you upgrading from ClearOS 5.x, the default FTP
ports for Flexshare are 21 (FTP
) and 990 (FTPS). Port 2121 is now used to FTP
into home directories.
When you click on the Flexshare configuration page, you will be presented with the Flexshare Overview.
The summary lists the shares you have currently defined, allowing you to quickly view which access methods are enabled in addition to overall flexshare status. You can Edit or Delete each Flexshare using the Action links in the right hand column. Of course, if no Flexshares are defined, the Action links will not be visible.
Creating a New Flexshare
To define a new Flexshare, fill out the Name, Description and Group fields. A Flexshare template will be created and at this point the share is disabled and no access is yet defined. The Editing a Flexshare form will be displayed, allowing you to customize the share options and enable access options.
Editing a Flexshare
You can make edits/changes to any defined Flexshare at any time. A newly created Flexshare will have no access points enabled, so you will want to configure at least one service (Web, FTP, Filesharing) to take advantage of the share you have created.
To begin editing a Flexshare, you'll need to select which access point you want to modify.
Select the appropriate configuration and use the help sections below to guide you through each type of access point and the options that are available.
Changes will take place immediately upon clicking either the Update or Enable/Disable links for the access point you are configuring.
Configuring Flexshare's Web access enables anyone (or authorized users only) to use a web-browser to navigate to a website in order to view content, interact with a dynamic web page (for example - a PHP or CGI enabled online store) or download files from an index listing.
The rest of this section will describe the different settings that will modify the behavior of a Web accessible Flexshare.
Indicates the current status of the Web Access for a Flexshare. Note, even though the Web Access point is enabled, the overall Flexshare must also be Enabled.
The server name (domain name) that will be used to access this Flexshare. This parameter is locked to the Server Name field defined in the Web Server configuration.
Accessibility allow you to restrict which interfaces incoming requests to the share are allowed from. Setting this field to LAN Only essentially makes your Flexshare accessible from your Intranet only.
Firewall Configuration | If set to All, make sure you have added the appropriate incoming firewall rule if the server is the gateway, or forwarded the appropriate port on your firewall.
If enabled, a user will be prompted with a login dialog pop-up where they can enter their username/password. Before gaining access to the Flexshare, the username/password will be confirmed as a valid account on the server. In addition, the user must belong to the group that has been given access to the share.
Require SSL (HTTPS)
Determines the protocol to use - HTTP or HTTPS. If you have enabled authentication, you are advised to enable this feature (use HTTPS) since users will be required to provide their username/passwords to authenticate to the server. Using HTTPS ensures this sensitive data is encrypted.
If Show Index is enabled, browsers will display a listing of all files if there is no index page (for example, index.html, index.php etc.). This is normally only desirable if using the Flexshare as a file access service (similar to FTP). If you are running a website, this option should be disabled.
Follow Symbolic Links
Unless support for symbolic links is required, this feature should be disabled.
Allow Server Side Includes
If you are installing a web application into your Flexshare, check to see if server side includes are required. In most circumstances, this feature is not required.
Allow .htaccess Override
If you are installing a web application into your Flexshare, you will likely need to enable this feature.
Enables the execution of PHP script on the server. Any file with a .php/php4/php5 extension will be parsed by the PHP engine rather than by Apache directly.
Similar to the PHP field above, but pertaining to CGI script. CGI script, however, is isolated to the /cgi-bin sub-directory (for example, http://example.com/flexshare/sales/cgi-bin/store).
Override Default Port
In some cases (for example, an ISP that blocks port 80), you may want to run the server on a non-standard port. In this case, enable this feature and supply a valid port for the web server.
Configuring Flexshare's FTP access allows authorized users to use an FTP-client to connect via File Transfer Protocol in order to upload and/or download files to the server. The FTP protocol is still a prominent service today and is particularly useful for handling large files.
One of the downsides of the FTP
protocol is that it uses separate ports to control dataflow and transmit payload data which causes conflicts with firewalls (both server and client side).
Indicates the current status of the FTP Access for a Flexshare. Note, even though the FTP Access point is enabled, the overall Flexshare must also be Enabled in order to work. Use the Enabled/Disabled link at the bottom of the form to toggle the status.
A timestamp indicating the last time a change was made to the FTP Flexshare configuration.
The FTP URL (or domain name) used to access the service. This parameter is locked to the Server Name field defined in the FTP Server configuration.
Require SSL (FTPS)
Determines the protocol to use - FTP or FTPS. If you have enabled authentication, you are advised to set this to Yes (use FTPS) since users will be required to provide their username/passwords to authenticate to the server. Using FTPS ensures this sensitive data is encrypted.
Override Default Port
Flexshare FTP/FTPS uses port 21/990 as the default ports.
Allow Passive (PASV)
Allowing passive connections can improve the experience/usability of FTP access to clients accessing the service outside the local network. However, care must be taken to open or forward appropriate ports to your network for the port range you designate for passive exchange. For more information on Active vs. Passive connections, see below.
If set to Yes, non-anonymous authentication is required. Before gaining access to the FTP Flexshare, the username/password will be confirmed as a valid account on the server. In addition, the user must belong to at least one group that has been given access to the share.
A greeting that is displayed once when a user authenticates and has access to the FTP Flexshare.
Configuring Flexshare's File access (Samba) enables public or authorized users only (or both) to connect via file sharing in order to move files from desktop to the server and vice-versa.
Indicates the current status of the File Access for a Flexshare. Note, even though the File Access point is enabled, the overall Flexshare must also be Enabled in order to work.
The Permissions field determines what type of access group members have to files on the share.
If you would like to add recycle (trash) bin support to the Flexshare, please enable this feature.
Access to all files can be logged using this feature. This may be a compliance requirement in many jurisdictions.
Deleting a Flexshare
Deleting a Flexshare that is currently defined can be done from the Overview page. Click on the Delete link next to the share you wish to delete. A form similar to the one shown below will be displayed requesting you to confirm your intention to delete the share.
Checking the Delete all files and remove share directory will do exactly that - make sure you no longer need any files in the share directory and all sub-directories or have backups located elsewhere.
Use the Disable share function instead of Delete in the event you want to remove share access temporarily but not lose all your configuration settings.
Remember to open up appropriate ports on your firewall if your intention is to allow access from outside your network.
Accessing Home Directories via FTP
If access to home directories is desired, please use port 2121 instead of the default FTP ports.