Hey, what's the difference between the groups (wheel, nogroup etc.) and the shell (csh, scponly etc.)?
Also, how secure is SFTP through SSH with the settings selected above? Is it quite good?
Also, I have set up 2 user accounts for this, one for me and another for guest. Is there any way of changing the permissions for the guest so they can only read, not write/delete? Also I can access one of the folders in my volume. It was a backup folder which was synced from my computer (through a comp program). Is this caused by the program or something else to do with FreeNAS?
Cheers
The difference between shells is csh allows an SSH client to log in (i.e. via PuTTY) and execute terminal commands (can be potentially bad).
Setting it to scponly lets them use SFTP but disallows SSH client login, theoretically making it more difficult to break anything.
The groups determine what files they have access to.
For example, I have these users:
me
brother
mom
dad
and this group
family
For 'me', I am primary group wheel, because I want access to everything (basically same as root I guess).
For 'brother', primary group 'nogroup' (I don't want him messing with any root files).
He has his own files in a folder '/mnt/data/brother' that is chown to user:group 'brother:wheel' (this way he can access them, and so can root/wheel, but nobody else).
The same is done for 'mom' and 'dad' in /mnt/data/mom and /mnt/data/dad respectively.
We have shared files in a folder '/mnt/data/family' that is chown to user:group 'www:family' that allows anybody in 'family' group to access them.
In order to allow 'brother', 'mom' and 'dad' to access the 'family' shared folder, we modify their 'auxiliary groups' and add 'family' group.
Now they can access /mnt/data/(brother/mom/dad) because of user rights, but it is protected from cross-user access (mom getting into brother's stuff etc). They can also access /mnt/data/family because of group rights.
So this is just an example based on my own setup. You can really customize it however you want by setting up the users/groups and using chown.
For your case, say you have the folder /mnt/data/ftp/ that you want to share.
You have a user 'me' which you will want to put as primary group wheel, since you will obviously want full access.
You have a user 'guest' which you will want to put as primary group nogroup since you don't want them to have full access.
You don't have to create any extra groups.
Go to your /mnt/data/ folder and do an 'ls -l'.
Hopefully your ftp folder is set to drwxrwxr-- root:wheel.
If not you will need to change the permissions/ownership.
Change ownership:
Code:
chown -R root:wheel /mnt/data/ftp
Change permissions:
Code:
chmod -R 774 /mnt/data/ftp
This should change the permissions to make it so that 'other' people who are not user 'root' or not in group 'wheel' will have read-only access.
Accessing SSH via password login is more secure than not using SSH.
An extra security step would be to generate certificates and use passwordless login. This means that you have specific 'key' files (certificates) that you install on the client side which allows SSH to authenticate without having to enter a password.
For example, when you are using normal authentication and you log in through PuTTY, you will be prompted for a username and password.
With certificates, you install the certificate onto the client machine and as soon as you connect, PuTTY will automatically authenticate with the server and connect you.
This would apply the same to SFTP (normal authentication which requires username/password combination vs. certificate authentication which is passwordless).
I'm not exactly sure what you mean about your backup folder but I hope I've answered your other questions.
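
An added example, not part of the original posts: a shell audit of what the 'other' permission class (where 'guest' falls in this setup) actually gets after a recursive `chmod -R 774`, run against a constructed temp tree. A directory needs the execute bit before it can be entered, so the script also shows a split of 775 on directories and 664 on files; those two modes and all function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: what does the "other" class (e.g. guest) get under a share?
# Runs on a constructed temp tree only; no real volume is touched.

# Directories "other" can list (r) but cannot enter (no x).
other_no_traverse() { find "$1" -type d -perm -004 ! -perm -001 -print; }

# Anything "other" can write to.
other_writable() { find "$1" -perm -002 -print; }

# Regular files carrying any execute bit (side effect of a recursive 774).
exec_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# Summary as counts: "<no_traverse> <other_writable> <exec_files>".
audit_share() {
    a=$(other_no_traverse "$1" | wc -l | tr -d ' ')
    b=$(other_writable "$1" | wc -l | tr -d ' ')
    c=$(exec_files "$1" | wc -l | tr -d ' ')
    echo "$a $b $c"
}

# Constructed sample share with the thread's mode applied recursively.
make_sample_share() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/ftp/docs"
    echo "sample" > "$d/ftp/docs/readme.txt"
    chmod -R 774 "$d/ftp"
    echo "$d/ftp"
}

# Assumed alternative (not from the thread): 775 on directories, 664 on files.
apply_split_modes() {
    find "$1" -type d -exec chmod 775 {} +
    find "$1" -type f -exec chmod 664 {} +
}

share=$(make_sample_share)
echo "after chmod -R 774:   $(audit_share "$share")"
apply_split_modes "$share"
echo "after 775/664 split:  $(audit_share "$share")"
rm -rf "${share%/ftp}"
```

Pointing `audit_share` at a real share path gives the same three counts for that tree without changing anything on it.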