Restricting ftp file access

Is there a way to have multiple shares on the EX4 set up with ftp access and restrict someone from seeing all of them? For example, I have a few shares with ftp access and I give someone the web address to a specific share. What I dont want them to be able to do is have the parent directory button so they can get out to the other ftp shares. Im not as network savy as I would like to be but I have some what of a clue. I do have DDNS set up and it does work. Although oddly enough, after the last firmware update, within network settings where you set up the DDNS server, that shows the connection failed but it still works. It showed success before the update. I do not have any of the ftp shares set up as public. I was hoping that would work but it did not. Hopefully that all makes sense and there is an answer for it. Thanks in advance.

They cannot go into other shares via ftp to which they don’t have read privs. And I am only talking about FTP…but since you used the phrase “giving someone web address” I just want to be clear that we are talking about FTP here and not anything using web. But if you were thinking about Web File Viewer app, even for that the permissions thing holds true as well, just like FTP.

That isnt true, you can get to any share that has ftp access turned on. I have a dyndns service set up on the EX4 so if i type in ftp://my hostname.dyndns.org/share name/file to my browser, I have the ability to hit the parent directory button and go up directories until I can see everything. Thats what I need to prevent. I want to prevent access between shares, between folders would be better but I would settle for shares. 

csandhmech wrote:

That isnt true, you can get to any share that has ftp access turned on. I have a dyndns service set up on the EX4 so if i type in ftp://my hostname.dyndns.org/share name/file to my browser, I have the ability to hit the parent directory button and go up directories until I can see everything. Thats what I need to prevent. I want to prevent access between shares, between folders would be better but I would settle for shares. 

First of all this is the EX2 sub-forum and you are talking about your EX4 but I believe the EX4’s behavior on this is same (the mods might move this to EX4 subforum if they see it).

Second, I do use dydndns service and just tried using the dyndns hostname to come in from outside using an usernsame who has access restricted to only one folder and I was unable to go to the parent directory. But I looked at your response closely and I see that you are using the address sharename/file. Well…the address really should end with sharename. Anything under the sharename will be available to whoever has been granted read privs to that share - but they cannot go above that directory (the share directory). So I do not know why you are seeing anything different - UNLESS you are talking about folder levels inside the share name - in that case of course…anyone can traverse all the way to the top of the tree of that share…they just won’t be able to go above that. See my screenshpt here →   http://i.imgur.com/1JQgpet.jpg

I clicked on the EX2/EX4 forum and this is where it took me so I assumed this was the right spot. I’m not sure what these read share privileges are you’re speaking of. The only choices available for FTP files are anonymous none, read, or read/write. That will show you all the shares with ftp access plus a USB connected hard drive that I don’t have ftp access turned on for some reason. You can skip around in the various shares and hit the directory up button till you get back to that main page. What I did was give someone the web address to a file with in one of the shares but while I was making sure it worked, I found out I could get out of that share and see all the shares with ftp access. I do have 2 2TB hard drives plugged in to the USB ports on the EX4 and am using on of them as an ftp share. The other FTP share is on the EX4 itself. Could that be what it is and they just don’t have the USB connected items secure within the firmware yet? I think we just got the ability to make them private a few firmware versions ago.

For future reference, when you click the EX2/EX4 forum you are not brought here…you come here by clicking the EX2 forum link. EX4 sub-forum is here →   http://community.wd.com/t5/WD-My-Cloud-EX4/bd-p/mycloud_ex4

Anyway, first you should not put your ftp address in plain sight like that. I took a look and the reason I was able to login is because you must have enabled anonymous login…which I strongly suggest you disable immediately. Only set none, read or read/write privs on the shares. And again I urge you to immediately edit your previous message and remove the ftp address…it is not a good idea to post it publicly.

I just had the thought that maybe that anonymous none, read, read/write doesn’t work the way I was thinking and that’s where the issue is. If it wasn’t almost 4AM and I wasn’t in bed typing this, I’d give it a try. My original thinking with that was that share A, I want some only to be able to read the info so I would set it to anonymous read. Share B I would want some to be able to read the info, alter it, and upload the changes to it so I should set that to anonymous read/write. I might not of guessed what all that meant correctly. I’ll give it a whirl later and see what happens. Lol, I see you basically just said that. I should of looked before I posted this. There isn’t anything on the drive that’s a big deal so I wasn’t worried too much about someone getting in but I took it out.

It’s the EX2/EX4 & sentinel series link that brought me here, honest. I didn’t navigate out of that. I bet I went into the recent posts looking for an answer and it took me to EX2 without me realizing the forum was further split up. I just added this post to where ever I was thinking I was in the EX2/EX4 & sentinel series forum. Oops.

OK here is an update after some testing. Apparently any USB connected drive to the EX 4 will show up on the FTP file directory no matter what you have the log in type set to (anonymous none, anonymous read, anonymous read/write) even with FTP access turned off. I will send something in to support in the hopes that is a bug. We certainly cant have that going on. When setting a share on the EX4 to anonymous none for FTP access, you can no longer get to it with a web browser. It doesnt show up in the FTP files anymore and a web browser pointed directly to it will give you a page unavailable error. I can not have that either. I must have the FTP share able to be reached via web browser by anyone who wants to see the contents. They would be anonymous. They would not however be able to go up directories to see all the ftp folders on the whole drive. Thats how I need it to work but it doesnt seem possible as of yet. I must leave everything either anonymous read or anonymous read/write depending on the share needs.