Anonymous
Aug 28, 2016

FTP 'Home Folder' Directory access for all?

I've recently factory reset a RN316 on OS 6.5.1 and I've enabled FTP access on OS 6.5.1 using this with Authentication Mode as 'user', however it does not set location of the FTP user home folder correctly, instead it gives access to ALL users home folders on the NAS.

 

I log in via FTP with a standard 'user' u/p, goes to /home/ directory by default, and lists of all the user home folders. It should only go to the users' login directory, not /home/ for all users.

 

Username: Test

Password: Test

using an FTP client (FileZilla), it logs into the /home/ and lists ALL the users directories as sub-folders + files & subfolders therein... 

 

all home user folders are listed as 'drwxr-xr-x 1 admin admin', so if FTP'ing as admin accessing then would make sense, but I'm using a non-admin user FTP login (it's just a plain user) and I have access to all the other users' folders?

 

I've looked for the FTP settings in the Home Folders section as per here under the "Access" table (i.e. you can Enable FTP on Home Folders, but there are NO settings on how FTP behaves in this section)

 

Am I missing something here?

 

ps I've also enabled 'Enable FTP Server Log Transfer' yet it does not log anything...

 

21 Replies

  • Anonymous

    Has anyone used TFTP Server - can it be used with Home Folders? is it configurable (IP black/white lists, retry attempt count, link IP per user account, etc)

     

     

    • Anonymous

      I found the issue with ProFTPD giving full access to ALL the user home folders....

       

      This is from a factory reset of OS 6.5.1 and by default (when FTP is enabled), ProFTPD has the /etc/frontview/proftpd/User.conf set as follows:

       

      DefaultRoot /var/ftp
      RequireValidShell off
      Include /etc/frontview/proftpd/Shares.conf

       

      It should have been (to give the logged on user only their home folder access):

      DefaultRoot ~

       

      However, FTP access on normal Shares is broken when Home Folder FTP access is enabled... either way with DefaultRoot ~ and DefaultRoot /var/ftp (i.e. you can't access Home Folder AND normal Shares when FTP is enabled for both, it's either one or the other and you have to disable Home Folder FTP access to access Normal Share FTP access) - this is not a very good implementation of FTP for OS 6.5.1 :(

      (I haven't found a workaround/fix for this yet, since Idk how Shares.conf is managed for the normal shares, and why the Home (DefaultRoot) would not allow other shares when enabled through the UI...)

       

      There is also a possible issue with changing FTP settings (enabling/disabling FTP shares, etc.): you have to turn the FTP service off/on from the System -> Settings UI to update the settings... if this is the case, it's a big pain in the *** when making changes and not known, otherwise an inconvenience and a poor way to manage the UI FTP settings.
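An added example (not part of the original post, and not NETGEAR's or ProFTPD's own code): a small Python audit of the DefaultRoot setting discussed above, plus a check of which listed home folders are open to other users once everyone shares one root. The sample config is the one quoted in the post; the listing lines and function names are constructed for illustration.

```python
# Constructed sample: the factory-default User.conf quoted in the post,
# and the same file with the poster's one-line change applied.
FACTORY_CONF = """DefaultRoot /var/ftp
RequireValidShell off
Include /etc/frontview/proftpd/Shares.conf
"""
FIXED_CONF = FACTORY_CONF.replace("DefaultRoot /var/ftp", "DefaultRoot ~")

# Constructed listing lines; the first uses the mode and owner from the thread.
LISTING = [
    "drwxr-xr-x 1 admin admin 0 Aug 28 2016 Test",
    "drwx------ 1 admin admin 0 Aug 28 2016 alice",
]

def audit_default_root(conf_text):
    """Return (severity, message) findings for every DefaultRoot directive."""
    roots = []
    for raw in conf_text.splitlines():
        parts = raw.strip().split()
        if len(parts) >= 2 and parts[0].lower() == "defaultroot":
            roots.append((parts[1], parts[2:]))
    if not roots:
        return [("high", "no DefaultRoot: FTP sessions are not chrooted")]
    findings = []
    for path, group_expr in roots:
        if path == "~" or path.startswith("~/"):
            findings.append(("ok", f"DefaultRoot {path}: per-user jail"))
        else:
            findings.append(("high", f"DefaultRoot {path}: one root shared by all users"))
        if group_expr:
            # An optional group expression limits who the jail applies to.
            findings.append(("warn", f"jail only applies to: {' '.join(group_expr)}"))
    return findings

def world_accessible(listing):
    """Names of directories that 'other' users can both list and enter."""
    names = []
    for line in listing:
        fields = line.split()
        mode = fields[0]
        if mode.startswith("d") and mode[7] == "r" and mode[9] == "x":
            names.append(fields[-1])
    return names

if __name__ == "__main__":
    for label, conf in (("factory", FACTORY_CONF), ("fixed", FIXED_CONF)):
        print(label, audit_default_root(conf))
    print("reachable under a shared root:", world_accessible(LISTING))
```

With a shared root, the `drwxr-xr-x` mode is what lets a non-owner browse another user's folder, so tightening directory modes is a second layer behind `DefaultRoot ~`.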

      • Anonymous

        Is there any documentation on the way Netgear ReadyNAS OS 6.5.1 FTP works?

         

        I wanted to clarify, specifically, if FTPS = FTP via SSL-TLS?

         

        I also wanted to clarify if that is different to SFTP?

         

         

        I've found the following circumstances, and just wanted some clarity on it:

         

        1) on the NAS-FrontView, I've enabled FTP with 'Enabled Forced FTPS'

         

        2) I've enabled FTP access on the Home Folders

         

        3) I then use Filezilla, with a non admin username and it logs in correctly to the correct folder, working fine, etc.

        Status: Connection established, waiting for welcome message...
        Status: Initializing TLS...
        Status: Verifying certificate...
        Status: TLS connection established.
        Status: Logged in
        Status: Retrieving directory listing...
        Status: Directory listing of "/" successful

         

        ...and for user account SSH enabled:

        Status: Connection established, waiting for welcome message...
        Status: Initializing TLS...
        Status: Verifying certificate...
        Status: TLS connection established.
        Status: Logged in
        Status: Retrieving directory listing...
        Status: Server sent passive reply with unroutable address. Using server address instead.
        Status: Directory listing of "/" successful

         

        (note: idk where the welcome.msg file should be stored for the NAS, the default proftpd locations don't work :()

         

        4) Using Filezilla with the admin account works fine too - it logs into /home/admin/ 

         

        5) But then, I then try to mount a share on a client machine using a SFTP mount point, the non-admin username fails and admin username accesses the whole NAS like root access (/)....

         

        6) I enable SSH -> 'allow shell access' on each user account, and the client machine SFTP mount point works fine per user account and in the correct /home/ folder... and I believe admin SFTP also mounts to /home/admin/

         

         

        I'm a little confused - FileZilla uses TLS to access the correct home folder without enabling SSH on the user account on the NAS, yet mounting the share on a client machine using SFTP doesn't work until I enable SSH on the user account... admin works either way except it accesses as root via SFTP mount on the client machine... unless I enable SSH on a user account, then admin works like a normal user account (i.e. /home/admin/ is accessed).

         

         

         

         
