Forums

Flash
Flash
Offline
ClearOS Feature Request

SFTP server in ClearOS

Resolved
0 votes
Hello

Can please someone tell me, If there is an SFTP program, that can be installed on ClearOS and can be configured so, that a user which connects with an SFTP client can have the same user permission as it has, when the same user connects over LAN to SAMBA?

Maybe something like FileZilla server? Where you can set many settings, from read/write permissions, to the ul/dl bandwidth speed for each user.
Or is this impossible on ClearOS? If SFTP is to complicated for ClearOS, maybe only an FTP or FTPS program?

Because the FTP app on the Marketplace is a joke, not a single setting can be made... :(

Thank you
Friday, June 18 2021, 11:42 PM
Share this post:
Responses (12)
  • Accepted Answer

    Flash
    Flash
    Offline
    Friday, June 25 2021, 05:35 PM - #Permalink
    Resolved
    0 votes
    If I add CWD command, like you said, then it works from Total Commander and ES File Explorer on Android also, but then I can browse through all folders, also folders, that I don't have permission. Why is that?
    On Pot Player and VLC Player it doesn't work.

    Maybe you're right, but, if it were client issues, then how come, that if I connect to FTP server which runs on Windows with FileZilla everything works?

    I will look at the OpenVPN docs, but if it's a global setting, then I don't know if it will be OK.
    The reply is currently minimized Show
  • Accepted Answer

    Friday, June 25 2021, 09:38 AM - #Permalink
    Resolved
    0 votes
    Trying to track back my brain. In some cases you may have to add CWD (Change Working Directory) to the list of commands available in line 16 of /etc/proftpd.d/flex-21.conf. As that file is generated every time you make changes to your flexshares, then you should really modify the generating program, /usr/clearos/apps/flexshare/libraries/Flexshare.php line 2761 so CWD is added every time flexshares are regenerated.

    As I said, I don't know where the fault is between ProFTP and the Android app, but your problems do tend to point to client issues.


    I have set up OpenVPN, as you suggested, and it is working, but correct me if I'm wrong. Every user, that connects through OpenVPN then gets my external IP address, right?
    Only if you enable the option to force all traffic through the VPN. It is not the default operation.
    Looking at the OpenVPN docs, it is possible to limit the bandwidth with the shaper option, but I think it is a global setting and not per-user.
    The reply is currently minimized Show
  • Accepted Answer

    Flash
    Flash
    Offline
    Friday, June 25 2021, 08:58 AM - #Permalink
    Resolved
    0 votes
    What do you mean that you hacked the ClearOS app? Proftpd app? And what is a CWD command?

    As far as FTPS goes. If I log in with Total Commander in Windows, I don't have to specify the landing directory, it works without it, but if I want to log in with Android, then I have to specify the landing directory. And this is strange to me. Why in Windows it works, but in Android it doesn't work? Is this a "fault" on the Proftpd app (must something be enabled in config?), or because of some weird Android restriction?

    It's also strange to me, that if I try to login with Pot Player on Windows or VLC Player on Android on port 2121 it connects, but on port 21 and port 990 it doesn't work...
    Also on Pot Player it plays videos on port 2121, but on VLC Player, while it connects and you can browse through files, it doesn't play videos...

    Yes, I'm trying to set remote access to videos and other files.
    I have set up OpenVPN, as you suggested, and it is working, but correct me if I'm wrong. Every user, that connects through OpenVPN then gets my external IP address, right?
    And another "problem". Can OpenVPN limit bandwidth like in proftpd, so that one or two users don't use the whole bandwidth?
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, June 24 2021, 08:24 PM - #Permalink
    Resolved
    0 votes
    /etc/clearos/flexshare.conf stores all the settings needed to regenerate the ftp, samba and webserver flexshares.

    I think I hacked the ClearOS app to add CWD to the list of available commands.

    I also think for FTPS you you need to specify the landing directory for when you log in.

    I have absolutely no idea why your apps don't work and have no idea which end is at fault.

    I am really not sure what you've been trying to achieve with all this and hope it has not messed up anything. If you were trying to get remote remote access to videos, you could have used OpenVPN to connect in securely then normal apps to access samba shares.
    The reply is currently minimized Show
  • Accepted Answer

    Flash
    Flash
    Offline
    Thursday, June 24 2021, 06:25 PM - #Permalink
    Resolved
    0 votes
    Thank you Nick explaining.
    I also found /etc/clearos/flexshare.conf - do you know for what is this config file for?

    I have now set everything up, also the bandwidth limit per connection is working ;) :D If someone is interested this is what you should put in the /etc/proftpd.conf file:

    <Global>
    # Limit download speed in kB/s
    TransferRate RETR 1000

    # Limit upload speed in kB/s
    TransferRate STOR 1000
    </Global>

    I also put this in the <Global> section: TLSOptions UseImplicitSSL AllowClientRenegotiations NoSessionReuseRequired - With the last one it is also working in Total Commander in Windows.

    But, I have some "problems".
    When I connect to the FTP in Total Commander in Windows in can connect on port 21 or 990 (ftps) and I don't have to set a default directory, it connects itself to the / and I can see all the folders.
    But, when I do this in Total Commander on Android it doesn't connect at all. Not on 21 not on 990 port. But, if I put in a directory that I share, it connects. I think, that this must be an Proftpd "issue" or maybe something must be enabled in the config file? Because, if I connect to an FTP which runs on FileZilla, it is working on Android. Any ideas on this?

    Another problem is with the Pot Player on Windows and VLC Player on Android. None of them can connect on port 21 or 990, but they can connect on port 2121.
    On Pot Player, when connected on port 2121, I can play videos directly from FTP, but in VLC on Android, while it connects on port 2121, it can't play videos.

    When I connect both programs on FTP which runs on FileZilla on Windows, everything is working.
    So I think, this is also an issue on the Proftpd site, or am I wrong?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, June 21 2021, 02:12 PM - #Permalink
    Resolved
    0 votes
    ClearOS configures smb.conf initially and does not do much more with it. Flexshares are configured in /etc/samba/flexshare.conf for samba and /etc/proftpd.d/flex-21.conf and /etc/proftpd.d/flex-990.conf for FTP. It not worth changing the flexshare configurations manually becaus, if you make any changes in the Flexshare Webconfig, the whole file gets regenerated. If you want your own configuration, use another "include" statement for your file in smb.conf.

    Just be aware you may now have damaged the samba configuration by changing smb.conf. If all you were doing is setting up shares you should be OK.

    With FTPS, I recall an issue about setting or not setting the folder or path when the client logs in, but I can't remember what the issue is.

    Note that ClearOS is largely meant to be point and click so asks for a particular way of working. With Flexshares they have tried to integrate Samba, FTP and Web Serving, but it does replace restrictions on what you can change.
    The reply is currently minimized Show
  • Accepted Answer

    Flash
    Flash
    Offline
    Monday, June 21 2021, 01:54 PM - #Permalink
    Resolved
    0 votes
    The past 2 days I have been messing around with this FTP...

    I'm guessing, whoever wrote this app is in love with the folder /var/flexshare/share/ ... no matter what I did, I could not set the share to a different folder... :S Can this be done??

    Samba and FTP are now running, but, I have a little problem. I tried to connect with Total Commander app on an Android phone, and it worked with port 21 and 900 (FTPS). Then I tried with Total Commander on Windows PC, on port 21 it is working, but on port 900 it's not working...

    I also tried with VLC app on android phone, but here it isn't working at all, not on 21 not on 900 port...

    Does maybe someone know why is this so?

    Until now, I never used flexshares. I always set the shared folders in /etc/smb.conf file - Do I understand correctly, that if you use flexshares, you don't need to configure the same folder again /etc/smb.conf?
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, June 19 2021, 12:41 PM - #Permalink
    Resolved
    0 votes
    Don't fight the system or you will lose some of the benefits of ClearOS. Use the Windows Networking and Flexshare apps alongside the FTP app. Flexshares govern permissions and it is by a single group. That group is used in both Samba and ProFTP (and Web Sites). In the Flexshare app, for the flexshare enable both Windows File Share and FTP. The Flexshare and Windows app will sort out your samba configuration for you and never use Webmin for Samba as it will break the ClearOS Samba set up.
    The reply is currently minimized Show
  • Accepted Answer

    Flash
    Flash
    Offline
    Saturday, June 19 2021, 12:14 PM - #Permalink
    Resolved
    0 votes
    Yes, I know about 2121 in 990 ports. I'm trying to make it work for the last 2 days, but I don't know hot to set folder and folder permissions for users like in Samba.
    Can this be done with FTP?

    What about FileZilla on ClearOS? Mission imposible? :D
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, June 19 2021, 09:16 AM - #Permalink
    Resolved
    0 votes
    My earlier post is wrong and I was wrong and I'm correcting it. Home folders are on FTP with port 2121. FTPS for flexshares in on 990 so you can have FTPS by default. SFTP is different from FTPS, but you'd be on your own configuring it.
    The reply is currently minimized Show
  • Accepted Answer

    Flash
    Flash
    Offline
    Saturday, June 19 2021, 09:09 AM - #Permalink
    Resolved
    0 votes
    Isn't SFTP secure and FTP unsecure?

    Can FTP in ClearOS be configured that a user has the same folders and folder permissions like in samba? Maybe dl/ul bandwidth limitation per user like in FileZilla?

    Can this be done in ClearOS? https://sysads.co.uk/2016/05/04/how-to-install-filezilla-server-on-linux-os/
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, June 19 2021, 08:34 AM - #Permalink
    Resolved
    0 votes
    The FTP server gives you access to your flexshares, if you allow it in the Flexshares app. This is though the normal FTP port. If you use port 2121 you get access to your home folder instead.

    I don't know what you want with SFTP. AFAIK it is part of the SSH setup and is normally only for root access. It is not hooked up to LDAP so I don't know if a normal user can use it.

    What do you want from an SFTP server that the FTP server does not give you?
    The reply is currently minimized Show
Your Reply