How can I hide shares from FTP

Hi,

I’m new to the MyBookLive community so firstly “hello”!

I’m trying to set FTP up such that I can only gain access to a very specific share called “Transfer”.

I’ve created the share and a specific username/password for FTP use and have my public IP address for same.

I’ve enabled the FTP network option and am able to log into FTP using my public IP via FileZilla (albeit locally, which may be having a loopback effect on my DSL firewall); however I’m seeing the other shares I’ve setup which I need to remain hidden for private use only.

I’ve tried to disable access to the other shares using a variety of techniques available throughout this newsgroup (such as setting deny_file=MyPrivateShare and hide_file=MyPrivateShare options to /etc/vsftpd.conf and setting “browseable = no” within the shares as defined within “/etc/samba/overall_share”), however while I can disable directory listing on the contents of the shares I wish to keep hidden the share directories themselves do not disappear.

The reason why I want to hide the share directories themselves is because many of the folder names within describe the contents within and as such disclose details to FTP which I’d otherwise want to keep to myself (nothing illegal, just that family member names etc., are part of the directory names).

I’ve some basic knowledge of Linux, not enough however to figure out what I need to do without potentially bricking the box.

Can anyone please either explain where I’m going wrong or point me in the direction of existing articles etc., that helps me out.

Apologies if this topic has been dealt with before, I just know FTP setup is either very simple (according to the manual) but less secure or seemingly more difficult (unless experts in Samba setup etc.) but more secure.

Essentially I want to setup FTP to a very specific share only with no possibility of other shares being exposed to the web.

Once that’s done, I can then attempt to setup / use Secure FTP :confounded:

Cheers all and many thanks in advance! :smiley:

SSH in and

nano /etc/passwd

Find the user you added (In my case “bill”) and edit his dir from /shares to /shares/Transfer

example

bill:x:1000:1000:,2,,:/shares/Transfer:/bin/sh

Hit control o

then hit enter

then control x

This will save your edited passwd file and close nano

In terminal or putty, restart vsftp

MBL3TB:~# /etc/init.d/vsftpd restart
Stopping FTP server: vsftpd.
Starting FTP server: vsftpd.

I have jailed this user to only have access to the Transfer share via FTP

Here is some sample output before editing user “bill”

login as: root
root@192.168.1.4's password:
Linux MBL3TB 2.6.32.11-svn52288 #1 Wed Oct 26 18:57:59 PDT 2011 ppc

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

Disclaimer: SSH provides access to the network device and all its
content, only users with advanced computer networking and Linux experience
should enable it. Failure to understand the Linux command line interface
can result in rendering your network device inoperable, as well as allowing
unauthorized users access to your network. If you enable SSH, do not share
the root password with anyone you do not want to have direct access to all
the content on your network device.

MBL3TB:~# nano /etc/passwd
  GNU nano 2.0.7 File: /etc/passwd

libuuid:x:100:101::/var/lib/libuuid:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
ntp:x:102:104::/home/ntp:/bin/false
mysql:x:104:108:MySQL Server,,,:/var/lib/mysql:/bin/false
statd:x:105:65534::/var/lib/nfs:/bin/false
avahi-autoipd:x:106:109:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
messagebus:x:103:106::/var/run/dbus:/bin/false
avahi:x:107:110:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
ftp:x:108:1001:ftp daemon,,,:/srv/ftp:/bin/false
Debian-exim:x:109:104:Debian exim,,,:/nonexistent:/bin/false
daapd:x:501:1000:forked daap daemon,,,:/shares:/bin/sh
guest:x:500:1000::/shares:/bin/sh
admin:x:999:1000:System Administrator,1,,:/shares:/bin/sh

bill:x:1000:1000:,2,,:/shares/:/bin/sh





^G Get Help ^O WriteOut ^R Read File ^Y Prev Page ^K Cut Text ^C Cur Pos
^X Exit ^J Justify ^W Where Is ^V Next Page ^U UnCut Text ^T To Spell
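The home-directory change described in the post above can be checked and rehearsed on a copy of the passwd file before touching the NAS; this is an added example, not part of the original post or WD's tooling. The function names and the sample file are constructed for illustration, and the jail itself is assumed to come from vsftpd confining local users to their home directory (its `chroot_local_user` setting), which the thread does not show.

```shell
#!/bin/sh
# Added example. Operates on a copy of a passwd-format file, never /etc/passwd.
SHARE_ROOT=/shares   # share root seen in the post's /etc/passwd listing

# Print accounts whose home is the share root itself; such a login lands in
# /shares and sees every share directory name.
exposed_users() {    # usage: exposed_users PASSWD_FILE
    awk -F: -v root="$SHARE_ROOT" '
        { home = $6; sub(/\/+$/, "", home) }   # treat /shares/ like /shares
        home == root { print $1 }' "$1"
}

# Write DST as a copy of SRC with USER's home (field 6) set to NEWHOME.
# Rejects homes outside the share root, ".." or ":" in the path, unknown users.
set_ftp_home() {     # usage: set_ftp_home SRC DST USER NEWHOME
    src=$1 dst=$2 user=$3 newhome=$4
    case $newhome in
        *..*|*:*) echo "rejected path: $newhome" >&2; return 1 ;;
        "$SHARE_ROOT"/?*) ;;
        *) echo "home must be below $SHARE_ROOT/" >&2; return 1 ;;
    esac
    awk -F: -v OFS=: -v u="$user" -v h="$newhome" '
        $1 == u { $6 = h; found = 1 }
        { print }
        END { exit (found ? 0 : 2) }' "$src" > "$dst" || {
        echo "user not found: $user" >&2; rm -f "$dst"; return 1; }
}

# Constructed sample: four of the lines shown in the post's listing.
make_sample() {
    cat > "$1" <<'EOF'
ftp:x:108:1001:ftp daemon,,,:/srv/ftp:/bin/false
guest:x:500:1000::/shares:/bin/sh
admin:x:999:1000:System Administrator,1,,:/shares:/bin/sh
bill:x:1000:1000:,2,,:/shares/:/bin/sh
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp/passwd"
echo "exposed before: $(exposed_users "$tmp/passwd" | tr '\n' ' ')"
set_ftp_home "$tmp/passwd" "$tmp/passwd.new" bill /shares/Transfer
echo "exposed after:  $(exposed_users "$tmp/passwd.new" | tr '\n' ' ')"
rm -rf "$tmp"
```

In the sample, `guest` and `admin` are still reported after the change because their home remains `/shares`, so only the dedicated FTP account is confined to the one share.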

Many thanks nfodiz, that worked a treat!! :smileyvery-happy:

At the end…!!!

The ftp behavior that I was looking for, thanks for your post.

Hello

Thanks. That works.

WD should include this in the Webinterface!!!

I agree with Terrabyte2000! I’ve been searching for an answer to exactly that question for ages, and just found it!

Thanks sooo much!!

Hi Guys,

How do you create an FTP for users? I have it enabled via dashboard.

MBL Novice

Just create a user in the dashboard with a password or use the default user admin and the password you set for him to login.

Thanks for the prompt response, much appreciated!

I will try to explain as clear as possible my intentions.

I have all my files in my MBL Smartware folders (Subfolders are MUZ and PHOT)

From your suggestion, I have created with my admin privileges a user in the dashboard called James.

Now, James, a friend, is in a different country and needs to be given access to ONLY the subfolder in my smartware folder titled MUZ.

My understanding of FTP is having an address that looks like this ftp://…blablabla

Is that correct?

How do I create access for James remotely?

Thanks so much again.

You need to follow the guide up top to lock user James to the MUZ folder

http://community.wd.com/t5/My-Book-Live/How-can-I-hide-shares-from-FTP/m-p/550450/highlight/true#M19956

You would need to change the line for user James to look similar to this

James:x:1000:1000:,2,:/shares/Smartware/MUZ:/bin/sh

That would be if the path to MUZ is /Smartware/MUZ; as I’m not sure what your path looks like, I’m just using an example.

If you need help with SSH and PuTTY or Terminal let me know, as that is how you would need to make the changes.

Yes, ftp://James:his password@123.123.123.123 from a web browser should work, 123.123.123.123 being your WAN IP address.

Or he could use an FTP Client app

You would also need to forward port 21 in your router to the MBL if you are accessing this from outside your home network, so use a very secure password.

Better yet forward an external port say 34567 to internal port 21 on your MBL in your router if it supports it

Please let me know if you are following me ok, as sometimes I assume users know things they may not

very valuable contribution…thanks mucho!!

just for clarification,

I take it that James would be able to access the MBL from anywhere in the world with the ftp address?

how do i generate the ftp address for james?

do i have to create it manually… ftp://james…not sure how to do this (still vague)

assuming my ip address is 190.160.0.9, James password is Jates, how do i create an ftp address for him to use.

thanks nfodiz

ftp://James:Jates@190.160.0.9

Available anywhere as long as you forward the port in your router :slight_smile:


Best contributor!!!

test it all locally to make sure everything is working right first as well by using the MBL internal IP address

It would be something like

ftp://James:Jates@192.168.1.123 (This would be whatever the internal ip address of your MBL is)

Make sure he is locked to the folder like you want


on Forwarding port.

Apologies for all my apparent ‘stupid’ questions. Once I know it…I know it for life!!!:smiley:

  1. Am I required to forward port on BOTH MBL and ROUTER or I can either do that any of them item.

I am conversant with putty, do I need to change putty port to whatever port I change my MBL/ROUTER to.

  2. Does this port need to be changed back if I need to use the FTP within my home?

  3. Is there option to give access to James for MUZ through wd2go.com

cheers

  1. No just login to your router and find port forwarding usually around the WAN settings page and forward the port to your MBL IP address

  2.  Nope

  3. In wd2go I believe you can only set access at the share level. So if you gave him access to the Smartware share he would have access to everything in that share.

Correct me if I’m wrong anybody as my mind isn’t what it used to be lol


lol.

DLNA enabled, secured device already with a password via dashboard.

Is it possible for neighbours to have access to my server/folders after securing device especially if some of my files are in my MBL public folder?

thanks

If you have a hacker living next door there’s no telling what he can do :stuck_out_tongue: If you have everything setup with strong passwords you shouldn’t have any issues, except for that hacker neighbor hehe.

Nothing is 100% secure

:smileyvery-happy: @ If you have a hacker living next door there’s no telling what he can do :stuck_out_tongue:

I have always assumed the only way your files can be accessed is if someone logs in to the same wifi and ip address as you.

thanks mucho!!!

No problem, let me know if you need any further assistance :slight_smile: