haiki
New Member
Posts: 5
|
Post by haiki on Apr 14, 2007 17:10:39 GMT 7
I have just looked into using the FTP server on my Thecus, and via the web interface I set up some users (with passwords), created some folders I chose not to be public, and gave the users access to some or all of these via ACL. Now I can see that access to folders is restricted by the user name, but any password works regardless of the password that given to the specific user in the web interface. Does that mean it's not possible to password protect access to the Thecus FTP server? And if that is the case, how would I best go about restricting access to the server? By using cryptic user names?
Thanks, Nils
|
|
|
Post by getmythe on Apr 14, 2007 19:50:42 GMT 7
Hi Nils,
I had a look at how users are authenticated. To say it bluntly, the code is completely broken. As long as you specify a valid user you will always be accepted regardless of what password you enter. For those of you who would like to know more have a look at the broken authentication script /app/bin/auth.sh
getmythe
|
|
haiki
New Member
Posts: 5
|
Post by haiki on Apr 14, 2007 20:11:37 GMT 7
Thanks for looking into it, getmythe! I'll send a note to Thecus support, and hope they sort it out in a future firmware version Nils
|
|
|
Post by getmythe on Apr 15, 2007 1:18:46 GMT 7
a little sed magic can help!
Put the line below in a small shell script and copy it into the startup directory of module META
sed -i "s#\\\'#\"#g" /app/bin/auth.sh ... or download META version 2.1.02 which already contains fix_ftp_auth.sh ;D
getmythe
|
|
haiki
New Member
Posts: 5
|
Post by haiki on Apr 15, 2007 15:21:06 GMT 7
Brilliant, installed the latest META module, and now works as it should. Thanks! While we're on the subject, I have a FTP server installed on my main computer called CrushFTP, which has a feature I really like- it allows one to direct users to "their own" folder on log in. This way they never encounter/see all the folders that they do NOT have access to from the root folder. That was probably not very well explained, but I think it's a fairly common feature, so hopefully you'll understand Is it possible to set up something similar for the Thecus FTP server? Nils
|
|
|
Post by getmythe on Apr 15, 2007 19:25:45 GMT 7
The closest to what you want would be module FTPAccess
|
|