stefano fontanini's picture

Hi! i' had just try the turnkey fileserver appliance and i have some problem with the user permission.

I create a read only user using the admin account in the fileserver and when i try to log in with the new user he can only navigate and view the file in the directory, the download on any file give me this error:

---------------------------------------------------------------

2 ERRORE(I),
Notice: Undefined index: message in /var/www/extplorer/include/result.class.php on line 123

ERRORE(I):

Non sei autorizzato ad utilizzare questa funzione.

---------------------------------------------------------------

how can i create a read only user allow to download file from fileserver?

Thanks

Stefano

 

 

 

-------------------------------------------

 

Can someone help me please?

Forum: 
Jeremy Davis's picture

make sure you allow file permissions.

In the Fileserver you have share permissions (coresponding to Samba users) and file permissions (coresponding to Linux users). You need to double check that the Linux & Samba users are syncronised and that the user has read/write file permissions (as well as read/write Samba (share) permissions).

I think file permissions can be edited in the Samba Webmin module too, but I've always used chmod from the CLI. The Webmin File Manager also allows file permission editing (click file/folder >> Click Info button).

Jeremy Davis's picture

but it seems it is a completely separate system.

Within Webmin on the TKL Fileserver appliance there are 3 different types of users: Webmin users (Webmin>>Webmin users), Linux users (System>>Users and Groups) and Samba users (Servers>>Samba). They are all separate user databases although they can be syncronised. Unless you want others to be able to administer the server, forget about Webmin users (they only apply to logging in to Webmin).

It seems that eXtplorer has its own user database which does not correspond to any of the other user groups so to syncronise these users you must do it manually. There may be a script or something floating about to automate it (although I couldn't find any mention of one after a brief google).

A quick glance on the eXtplorer website, seems to confirm my suspicion that eXtplorer users are specific to eXtplorer and are not Linux (or Samba) users. As far as the OS is concerned all the file operations conducted through eXplorer are actually performed by the web server (ie the user www-data). This is possibly (probably) unavoidable as common practice dictates that web servers and applications (such as eXtplorer) run under the www-data user account. The only way I can think that you could do what you are hoping for would be to have separate apache/php/eXtplorer processes running (each on a separate port) for each individual user. Each user would then only be able to log into their specific instance (using their specific port), also the eXtplorer users would still need to be set up separately. Obviously this would be completely impractical from an administrative perspective and would require a powerful server if you had many different users.

Under default setup or as long as the www-data user is also a member of the group for Samba users (often smbusers) then it shouldn't pose any usability problems. However I suspect that this could open a potential security hole if you also allow Linux users to log into the server itself. If you do that then they would have default access to all files available (to any user) under eXtplorer.

So your experiences with eXtplorer are not specifically by design but are a result of the way web servers and web services run under Linux. There is probably no workable way around this and as I said, although somewhat of an oddity to your average user is probably not going to be a concern at all.

Just to echo what you've just said, I've found the exTplorer site remarkably unhelpful and ultimately scrapped plans to build it into an appliance.

Alon Swartz's picture

This thread is becoming very similar to this one. You might want to take a look at my comment.

Jeremy Davis's picture

It is becoming very similar :) Sorry that I didn't read your posts before my last mammoth post! I possibly got a bit carried away. :) I started my reply before yours and it took me a long time (along with interuptions) and didn't refresh the page prior to posting. It sounds like everyones getting it sorted out though which is good.

Jeremy Davis's picture

but as that sort of programming is way above my pay grade I won't be too vocal in my complaints! From a brief (well actually not that brief) look over the eXtplorer (SourceForge) forums it looks like it may be a one man show. The activity seems very limited and there are fairly basic questions dating back years with no response. The news page shows that the last stable release was nearly 18mths ago with the most recent beta about 14mths ago.

@Guest:

WebMin >System>Users & Groups, it is my understanding (please correct me if I'm wrong) the addition of users/groups there are then added to the Linux user/group databases.

Yes that's correct.

And a sync of linux to samba users/groups may be required to get them to be samba users/groups. Unless the sync is automatically done by the option settings in webmin.

Yes again. I can confirm that if you set it to auto-sync (which BTW I read somewhere TKL Fileserver should do by default - but mine doesn't) it will. I tested it.

Where this is going is to me and my thinking is that extplorer should then follow the linux users (like the Syno filemanager) but as we've discussed it does not.

I agree that this would be the ideal situation.

And I would like believe the reason is in the /etc/lighttpd/lighttpd.conf file. The entries of;
server.username = "www-data"
server.groupname = "www-data"

By my understanding this is correct.

I imagine your idea of the user being dynamically created should in theory work. I suspect the reason it didn't from your tests is because all file permissions for all files/folders would also need to be dynamically changed to this user account. Also you would need to stop the current service and then restart it under the new user. It may be possible to have a web server running under www-data that allows log in and dynamically spawns a new web server running under a different user account. How well that would work I don't know and I suspect (as with most things) the more complex it gets, the greater the chance of bugs and security issues occuring. Without a far greater knowledge of programming I just don't know whether your idea would be feasable (especially in a production environment).

And some of this may be an extplorer issue not a TurnKey issue.

Well it's definately an eXtplorer issue but as TKL consists of a conbination of individual open source projects into a complete appliance, an issues that exist in any of the individual components, then also exist in the TKL appliance. I suspect that the eXtplorer dev would not necessarily consider the current function an 'issue' as such, but your ideal functioning a 'feature request'. Perhaps you could suggest it? And/or perhaps you could contact Synology and suggest they open source their file manager :)

DaveVM's picture

Jedmeister,

Finally registered as a user.

Once again thanks for the detailed response, and confirming my beliefs on how I was seeing things work.

Alon,  thanks as well and yes that thread is very similiar to my expieriences as well. It also confirms my findings, so I don't feel like I was missing something in setup and so forth.

I have to agree with you on the lack of info at the extplorer site. So I went looking at the Snyo site and will as you suggest see if indeed their file manager is open source and if not, ask if they would make it open source.

Though to that end I ran across an interesting (to me anyway) open source possible replacement, which may or may not be known to the development folks;

AjaXplorer

Current Version: AjaXplorer 2.6.1 (LGPL license)
Browser Compatibility: FF2 & 3 , IE6+, Safari, Opera, Google Chrome.

Don't know if it would work but... just my three cents.

Thanks again and I appreciate the friendliness of the folks here, it is welcome.

Dave
 


Jeremy Davis's picture

but before I pass too much judgement I'd like to actually try it out (more than the demo allows). Its definately under much heavier development than eXtplorer and has quite comprehensive documentation from a quick browse. I also note that it has a plugin system which sounds like it gives the potential to be incredibly flexible with allowance to custom integration scenarios.

Nice find!

DaveVM's picture

JedMeister,

It looked interesting to me as well, but being a neophyte with all of the Linux stuff, I figured I would just pass it on. And yes it does seem to be supported.

I started with computers back in the TI-99/4A days and moved on to Commodore 64's and 128's then into the PC world with DOS 3.3 - 5.0 then Win 3.1 and all of it's iterations since. Done some website building as well, nothing major. So with the DOS days and everything else behind me I can somewhat understand linux - enough to be extremely dangerous! Dating myself I know! And I've slowly become frustrated with the offerings from Redmond, WA for quite some time. Though I've not had enough time to fiddle with linux in the past more time is becomming available.

So from all those computers - I still have a few laying about and figured I could setup a fileserver that might do what a Syno box does, for a whole lot less money.  My goodness though the Syno box was practically "plug-n-play" and from that I "thought..." it would be easy to get something setup here for the house. But...

So now I'm playing with the fileserver app to get it up for sharing throughout the house and hopefully externally for the family - those are my goals anyway. (I'm close to where I want to be with the setup, and would be if I were not so particular. The good thing though is I'm still learning.) It was with those goals in mind I stumbled onto AjaXplorer, because it seems to be easy and hopefully easy enough for the family as well.

Got off on a tangent... Sorry.

Thanks JedMeister

Dave


Liraz Siri's picture

I took a look at the demo and I'm impressed. It might be a better alternative than extplorer if we can work out the integration. Extplorer has a pretty wicked integration itself (e.g., the requirement to run a private FTP server bound to localhost and all that nonsense) so I doubt AjaXplorer could be any worse.

Definitely worth looking into for the next version of the file server appliance.

Jeremy Davis's picture

Which can't be a bad thing. Although I'm not sure exactly what has changed. But I guess we will wait and see what the devs decide to do in the TKL v12 release. Whether they stick with eXtplorer (I would assume updated to the latest stable version) or whether they go the AjaXplorer route.

Out of interest what features are missing from eXtplorer vs AjaXplorer in your mind? It'd be useful to hear from someone who has now used both, and may be an influence in the dev's final decision.

Jeremy Davis's picture

And they seem to have made a number of releases since the version included with TKL (at the time of inclusion I think development had all but stalled). Development has  moved to a new website hence why the page you looked at perhaps seemed abandoned (the most recent commit to the v3beta was less than a month ago). Although it does still seem to have a small dev crew (all commits seem to be by the one guy?!)

I haven't seen any screenshots but I suspect that the newer version(s) look a little more up-to-date (especially seeing as the dev seems to have been very focused on integration with Joomla).

I did notice that AjaXplorer does seem to have more active development and does look nice, but on my brief preusal, whilst it does seem to have a lot of plugins etc, the documentation doesn't seem all that noob friendly. One thing that really appeals to me is the idea of being able to use Linux users as AjaXplorer users (vs having a user DB all of it's own as it is by default - the same as eXtplorer). From what I could gather it is theoretically possible, but I could not find clear details on how you would actually go about it, just vague reference to the idea and links to a doc page which didn't specifically mention it at all...

Another thing that I had no joy in trying to locate with regards to AjaXplorer was how you can batch add multiple users. Despite the fact that eXtplorer techincally doesn't support that usage either, there are clear instructions on how it can be done.

Another advantage that AjaXplorer seems to have is the single sign on possibilities (although perhaps with eXtplorer's new found Joomla integration that is easier with that too?) The idea of plugins makes lots of sense I think and definitely makes extension/developmet much easier for interested and motivated community members.

I think you are right about ownCloud not (yet) being a replacement, so I won't consider that much more for now. I think there is quite a good case for transistion to AjaXplorer but I guess it will depend on whether the devs have time to look at configuring it to ensure that it provides the same functionality OOTB as eXtplorer currently does. And whether they'll have time and energy for that...?

I guess if you are personally particularly interested in pushing forward the idea of transitioning to AjaXplorer you could create a Fileserver TKLPatch that swaps out eXtplorer for AjaXplorer. That would save the devs the time and effort of having to explore it all themselves and may make it more likely to be included in the next TKL fileserver release (although obviously not a guarantee).

Jeremy Davis's picture

So if you are handy enough to be able to swap out eXtplorer and install AjaXplorer then IMO you will have no trouble creating a TKLPatch. TKLPatch docs are here. In it's simplest form a TKLPatch is a conf script (basically an install script) along with a collection of files (overlay/) which will overlay the root filesystem.

Rather than reinvent the wheel and give you the whole speil about it, perhaps have a read of the docs and ask me any questions you have. I certainly don't profess to be any sort of Linux/TKL/TKLPatch guru but I have had quite a bit of experience with TKL/TKLPatch and feel fairly confident that I could answer most questions you might have.

Even if you can't be bothered/haven't got time, if you could post clear instructions on how to do it (detailing exact commands as much as possible), when I get a chance i could package it as a TKLPatch for you.

As I posted below, I have created an ownCloud patch. It has been designed to be applied to TKL LAMP (not Fileserver) but with some tweaking it could be applied to Fileserver. That would either require installation of Apache/MySQL/PHP or install of MySQL (possibly PHP too? Not sure whether that is there already or not?) and tweaking of the patch to use LigHTTPd webserver (which is already installed by default in Fileserver - it's what serves eXtplorer).

Jeremy Davis's picture

From where I sit, they seem to be fairly good open source citizens. I don't have an issue with them making money. Open source programmers need to eat too. Selling ownCloud as SaaS and/or support contracts makes lots of sense I think and is potentially a good way to monetise the project; even having a few 'premium-only' features is not completely unreasonable IMO (as long as the base 'community' open source version doesn't become crippleware). From what I can gather they aren't selling it SaaS ATM but they do have a couple of 'premium' versions (which include support - see the comparison chart here). It even looks like someone is in the process of packaging the ownCloud server software for Debian (here).

From my research, it seems clear that the sync client is open source too - although sadly there doesn't seem to be an official pre-build .deb as of yet, only .exe (Windows) or .rpm (Fedora/openSuse). Seeing as the project was born from KDE and an ownCloud VP is ex-SUSE (which AFAIK uses KDE as main desktop) I imagine that most of the focus will be on openSUSE/KDE/Qt. So I doubt we will see an official .deb client very soon, especially not a GTK one (which I would prefer seeing as I use Bodhi Linux), but who knows...? And as I said it's open source, so nothing stopping anyone from building a .deb from source (looks like someone is working on it already). I'm hoping that the Qt dependancies aren't too huge though...

Jeremy Davis's picture

Have a look here. But it's built on top of TKL LAMP rather than Fileserver. Using Fileserver as a base is not a bad idea though. I never even considered that it could in fact be a replacement for eXtplorer.

Perhaps I should rebuild it to suit TKL Fileserver as an eXtplorer replacement? I assume that'd it'd run under LigHTTPd although I don't have much experience with it.

Jeremy Davis's picture

But as it is built for Apache that is probably easiest to get going. FYI the official config info for nGinX and LigHHTPd can be found at the bottom of this page.

Jeremy Davis's picture

It's not quite an eXtplorer replacement as it is to be applied to TKL LAMP (and so runs on Apache) but it should allow people to give it a proper test and compare it to eXtplorer. Get Rik's patch here and TKLPatch docs here. Any questions regarding Rik's patch would be best asked on his thread, questions regarding patching should hopefully be answered in the docs, otherwise start a new thread (and I'll see it).

Add new comment