Unfortunately no one can be told what fun_plug is - you have to see it for yourself.
You are not logged in.
Good evening all, hoping somebody could give me some general advice re permissions and FTP.
We currently have 2 x XP machines and 1 x Vista machine in our office. We also have a work from home staff member (on XP). My goal is to achieve a network storage device in the office which all users can save and open files from, with FTP access availible for our remote worker (to all files, where he can also save)
So, brought a D-Link DNS 323 and setup 2 x 500gb drives as raid one, upgrade to latest firmware v 1.05.
All internal users can open and save files to the drive and this works well. I have setup the FTP server and users/groups on the network storage and everybody can log in, download files etc. We use a free FTP client called FTP commander for this which works well.
BUT...
I noticed that I could not download some files. I noticed that the files I couldnt download have permission rwx------. The files which I can download have rwxrwxrwx. So i need to set the file permissions...
For some reason I cannot change the file permissions whilst they are on the drive, I have to transfer them to my pc and change them, then transfer them back. I am changing permissions by clicking properties, security, Add group/User Name called Everybody, Allowing full access.
Once I have done this I can then transfer the file back to the drive and download it via FTP.
Firstly, is it possible to mass change all files and folders on the drive to allow the correct permission. I have heard about chmod? but have no idea where to start.
Secondly, say I (on XP machine 1) save a file to the drive, internal machines can view it and open it, but the permission is not set correctly by default so I have to change it for each file. How can I overcome this? Can I 'force' everything on the drive to have a certain permission? This is my biggest problem at present!
Thirdly, is the rwx etc the same as the group/username setting? Or do they do different things? I am struggling understanding the purpose/difference of each component.
Any advise GREATLY appreciated.....
Many thanks
Offline
The rwxrwxrwx breaks up into 3 groups. The first is owner, the second is the group that the owner belongs to, and the third is everyone else. When your file has rwx------, that means the owner can read, write, and execute the file and nobody else can. If the access was rw-rw----, then the owner can read and write, all users that are in the same group as the owner can read and write, and nobody else can do anything.
The chmod command that you are hearing about is run from the Linux shell. The first step is to establish telnet access to the device. This can be done via fun_plug -- I use ffp (see the wiki). Once this is up, you can change over to ssh, if you want a secure connection. Anyway, once you establish the telnet session, you can use the chmod command to change the permissions on the files -- and yes in bulk. If you are not familure with a unix environment, you may want to do some reading first; there are some good resources on the internet.
Lastly, ftp is not very secure, so be very careful. It is not to difficult to eavesdrop on the connection and grab passwords. I would recommend a VPN to securely connect remote users to your network. I currently use a Linksys RV042 to do this and it works very well. This way I full access to the network and map the drives / use printers as normal. In my opinion, they are devinately worth the cost.
Last edited by bq041 (2008-08-07 06:17:09)
Offline
There are FTP programs also that will let you change file permissions "IF" the command is supported in the FTP server - i use FlashFXP and it works well but I dont remember if the DNS box's FTP server supports the remote chmod command. I will try it when I get home.
Myk
Offline
It does, but you must be the ftp user must be the owner of the file.
Offline
Hi ryangsoton,
I am having the same problem and have not yet found a cure. The permissions of the files change if I open, edit and then save them directly (via a shortcut to the DNS-323). They can then not be downloaded via FTP, even if the FTP client is on the same PC. I found I could change back the permissions to allow FTP access by dragging the file directly to the desktop, renaming it and then puting it back to the DNS-323. I then delete the original file and name the new file to be that of the orginal. BUT the permission change back to blocking FTP access if I edit the file again.
This applies on XP and XP Pro machines.
I have not been able to change the permissions back to allow access using any FTP client I have used.
When you change permission by adding user Everyone is the change permanent, even after further editing of the file?
Cheers
thorium90
Offline
Hi Thorium,
The only way around it i have found thusfar is to do the following:
move all files back to my pc,
on each file, properties, security, add everybody as group, allow read and write,
delete original file from dns323
replace with files with new permissions.
It seems that if you try to overwrite a file, the dns will not notice the permission change, it has to be a new file on the dns or at least a new file name.
So - my next plan is to setup a new folder on my desktop, set permissions on this folder to allow everybody read/write. set this folder to inherit permissions from parent directory, move all files into this folder.
My early testing is showing that this is adding the 'everybody' permission to each file put into this folder. Assuming this is the case, I can then move them back to the drive, with the everyone permission still in tact (hopefully...)
The bigger problem is how do I 'automatically' add this everyone permission to every file by default. Only way I can think of (havnt tried yet) is to apply the everyone permission to the entire C:\?
Yes the change appears to be permanent after editing, whether or not the file will keep this permission when moved to the dns im not sure yet.... Works if i do a file at a time, havnt tried it with the whole drive yet...
Any thoughts?
Offline
I have no fix yet but I noticed that user thone887 is having similar problems so lets hope a fix surfaces soon. I tried editing the permissions directly on the folders in the DNS using windows folder properties but this stopped all access. Had to rename the files to get access back. I normal run XP Home and this does not have the Security tap on folder properties. (It does if booted into Safe Mode). I will have access to XP Pro next week so I will do some more tests then.
Offline
I have no fix yet but I noticed that user thone887 is having similar problems so lets hope a fix surfaces soon. I tried editing the permissions directly on the folders in the DNS using windows folder properties but this stopped all access. Had to rename the files to get access back. I normal run XP Home but this does not have the Security tap on folder properties. (It does if booted into Safe Mode). I will have access to XP Pro next week so I will do some more tests then.
Offline
The reason you cannot change permissions of the files on the DNS using the Windows security tab is because the DNS is running Linux and Windows uses its own securitys format that is cannot translate over to the ext2 filesystem.
So far, I have not heard of a solution, yet. Microsoft office likes to change the permissions on directly accessed files from the DNS to 700 (rwx------) which only allows the owner of the file full access and nobody else access.
The easiest work around is to use fun_plug to enable telnet access and use the shell to change the permissions to what you want them to be. You could even write a simple script to do this automatically for you.
Offline
In order to change the permissions on the files, try this.
Copy the affected file to your hard drive and then copy it back to the dns323. Voila, it should have full read/write permissions. I don't think you need to even change the file permissions once you copy it to your hard drive and back.
I have even just hit copy and then pasted the same file back into the same directory on the dns323 and the copy will have full permissions!?
Good luck and thank you for bringing this post to the surface, as D-Link thinks I am a kook when I tell them what is happening. I have been dealing with level 3 support there for 2 months now and they act like I'm nuts and the only one with the problem. A product manager was supposedly going to call me. They said an hour or two, but it's been a month and a half. He is always on vacation.
Does anyone else have any recommendations for an NAS that lets you get ALL of your files via FTP?
Take care,
Tbone
Offline
You can get all your files from FTP, you just need to FTP in as the root user. The root user has access to all files in the system. While this is not exactly the smartest thing to do for several reasons, it can be done. Then again, on the other hand, ftp is also not the smartest thing to have running on a NAS anyway, since it has virtually no security.
Offline
bq041,
Thanks for the input on security.
I am not too familiar with setting up and using VPNs.
If I purchased one of the units that you mentioned, would I be able to do the following.
Allow users to access JUST the dns-323 remotely on my network? This is the only thing on the network I would want them to be able to access.
Also, if possible, is it possible that they could only access a lower level folder and not Volume1?
Thanks in advance.
Tbone
Last edited by tbone887 (2008-08-14 17:45:10)
Offline
Yes, but you would have to set the network up that way. Probably the easiest way to do that is to set up the VPN on a different subnet than the rest of your network. Then I would make the DNS bee seen by both subnets. I use the VPN router for nothing but VPN and use another router for all outgoing internet traffic (my ISP allows more than one IP address). An example would be:
DNS
IP 192.168.0.5
Subnet mask 255.255.254.0
Gateway 192.168.1.1
local PC
IP 192.168.1.3
subnet mask 255.255.254.0
gateway 192.168.1.1
main internet router
IP 192.168.1.1
subnet mask 255.255.254.0
remote VPN user
IP 192.168.0.10
subnet mask 255.255.255.0
default gateway 192.168.0.5
This way the VPN user can see nothing other than machines with IP addresses of 192.168.0.* (which is only the DNS and other VPN clients), but all the local machines can see 192.168.0.0 to 192.168.1.254. It can even be more restricted if you know exactly how many remote machines you want to access the VPN.
Keep in mind, this is only an example to show it is possible and your particular network may need to be configured slightly differently to work the exact way you want it to. I also believe that the RV042 can accomplish this by itself without having to have another router for the internet, like my set-up. I can do some test for you if you are really interested.
Next, yes, users can be restricted in the access to the directories on the DNS. When a computer is on VPN, it is, for all practicality, on the local network and would map a drive to the DNS just like any other user.
Offline
I think I am getting you so far.
I attached a pic of a network map to see if this is what you meant.
So would the vpn router be set up on subnet mask 255.255.255.0?
With this setup, I could remotely access the dns-323 from the internet and keep the rest of the network(local PCs) unaccessable?
Thanks for your help...
Tbone
Offline
No, this is actually what I meant in the first example of how my network is set-up.
Offline
And this is how the second example would be, but I have to play with my VPN router to double check it is capable of this.
Offline
What the design effectively does is to run 2 different networks over the same physical hardware.
As for your question about the VPN router, that is complecated. It may, or it may not depending on how you want it to be seen on the network. Most likely, yes. The reason I say it is complecated is because it has several places to state a subnet mask, you have the lan, the wan, and the VPN (maybe). It also depends if you want to use IPSEC (supports 50 connections) or PPTP (5 connections). Each has advantages and disadvantages, the bigest being that Win XP and up have a built in client for PPTP. The PPTP server on this device does not allow you to manually mask the network or select a different subnet than the LAN of the router is on, so the router would need to be configured differently and you would most likely need to use example 1 with 2 WAN IPs. Come to think of it, I think it could be set-up using just the VPN router (example 2), but a separate DHCP server (like the DNS) to configure the network would be needed.
If you are really interested in this as a solution, let me know and I will run some tests. First you need to check with your ISP and see how many IP addresses you get. I have WOW and I get up to 5 dynamic address, so I use 2 of them for my set-up. I do this because my outgoing router is much better and more versitile than the one with the VPN, so I keep the VPN router for VPN traffic only.
Offline
Did you ever decide on what you were going to do?
Offline
bq041, have you try to install and run OpenVPN in the DNS-323? I am just curious
Offline
No, I have hardware VPN into my network, so I have no need.
Offline