Unsolved
This post is more than 5 years old
1 Rookie
•
107 Posts
0
7589
July 11th, 2013 02:00
FTP troubles: Access to a specific folder, FTP service trouble
Hi everybody,
I have some FTP troubles with a small four node Isilon cluster. The cluster is running OneFS 7.0.1.5 with SmartConnect Advanced. For Authentication the cluster is joined to an Active Directory.
The Isilon storage is used for broadcast application, storing audio/video media files and metadata and storing data of a MAM system. For (remote) file ingest the customer want to use FTP. There is a given folder structure which is used by the MAM system. Home directories (for the AD users) are not used.
For example there ist the folder /ifs/data/media/MAM/ingest/ingest_extern
I suppose that there is not the possibility to connect FTP and the AD users. Because of that I created a local user called ftp.ingest. A local user is ok too.
I want that this user is able to connect via FTP to the cluster directly to the folder obove. And - of couse - only have full read-write access to that folder and not to the other folders (e.g. the root). This user should not see, read or change any other folder of the storage aside the definied folder(s).
How can I realize that szenario?
I checked and tested some of the ftp options (local-root-path, chroot-local-mode, etc.) but nothing went to success. Here the actual isi ftp list
accept-timeout 60
allow-anon-access NO
allow-anon-upload NO
allow-dirlists NO
allow-downloads YES
allow-local-access YES
allow-writes YES
always-chdir-homedir NO
anon-chown-username root
anon-root-path /ifs/home/ftp
anon-umask 077
ascii-mode off
connect-timeout 60
data-timeout 300
dirlist-localtime NO
dirlist-names hide
file-create-perm 0666
local-root-path /ifs/data/media/MAM/ingest/ingest_extern
local-umask 077
server-to-server YES
session-timeout 300
user-config-dir
denied-user-list (none)
limit-anon-passwords NO
anon-password-list (disabled)
chroot-local-mode All local users chrooted; exception list inactive
chroot-exception-list (none)
At the user options for the new local user I can define a home directory. It would be ok for the one ftp user if the home directory is the ftp directory above. But I cannot put the directory in that user home directory field. The GUI shows an error:
Your user edit was not saved
Error #1: The requested home directory (/ifs/data/media/MAM/ingest/ingest_extern) is in use by someone else.
The second problem is related to the ftp service itself. Although the FTP service is enabled in the WebGUI the small round circly at the FTP settings page is red. The mouse over tells me "Service is not running on any nodes". In the event history (WebGUI) I find following event concerning Node 1:
Ancestry: Root event
Instance ID: 1.162
Start time: 2013-07-10 19:56:44
End time: --
Quieted time: --
Event type: 400030001
Category: Software events
Message: Process vsftpd of service vsftpd has failed to restart after multiple attempts
Scope: Node 1
Update count:
Event hierarchy: Normal event
Severity: warn
Extreme severity: warn
Value: 0.0
Extreme value: 0.0
I looked at the command line on every node at the running processes (isi services -a) but the vsftpd server is enabled at every node.
What is happening there? What is causing this error and how can I solve it?
Maybe someone can support me solving these issues. If there are workarounds that would be great too.
Thanks.
christopher_ime
4 Operator
•
2K Posts
0
July 11th, 2013 20:00
In regards to one part of your question, refer to the following KB articles:
emc14001307: "Restricting FTP users to their home directory"
emc14000926: "Locking FTP users into their home folder with vsftp"
EDIT: Added second KB article
philippspohr
1 Rookie
•
107 Posts
0
July 12th, 2013 00:00
Thank you for the answer. The two KB articles would be very helpful if I could change the home directory of the ftp user to the specific existing folder /ifs/data/media/MAM/ingest/ingest_extern.
But I cannot change that directory as I wrote above. If I try to change the home directory I got an error. So I created for testing another directory /ifs/data/FTP and used that directory temporarely. And I got the same error by trying to change the home directory back to /ifs/home/ftp.ingest.
It seems that it is not possible to chose an existing folder (which maybe already contains data and subfolders) as the 'home directory' for an local (ftp) user. After I deleted the home directory of the user (/ifs/home/ftp.ingest) I was able to change the home dirctory in the user settings back from /ifs/data/FTP to to that path.
But I do not want to create a new home directory folder. I just want to use an existing folder.
philippspohr
1 Rookie
•
107 Posts
1
August 19th, 2013 04:00
Does anybody have an answer to my second question?
Because now we have the problem that we cannot connect anymore to the cluster. Everytime I try to connect the ftp clients show permission denied. Here is the log of my ftp client:
Status: Connection established, waiting for welcome message...
Response: 220-Isilon OneFS v7.0.1.5
Response: 220
Command: USER root
Response: 331 Please specify the password.
Command: PASS *******
Response: 230 Login successful.
Command: OPTS UTF8 ON
Response: 200 Always in UTF8 mode.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/"
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (172,22,16,15,70,116).
Command: LIST
Response: 550 Permission denied.
Error: Failed to retrieve directory listing
How can I make the ftp service up and running?
mayte1
1 Message
0
August 10th, 2015 12:00
Hi Philip,
I am experienced a similar issue, I have one FTP usser account and doesn't allow me to add a second account for thr same folder?
Did you found a solution?
Mayte