FTP For System Access Zone only ?
1,186 views
Skip to first unread message
Scot
Feb 3, 2017, 8:47:15 PM2/3/17
to isilon-u...@googlegroups.com
Having a discussion with support and hopefully the group.
Does anyone know if FTP service was restricted since some version of OneFS.
Customer support portal does not return any definitive answers.
Reviewed:
docu65098_Isilon-OneFS-8.0.0.0---8.0.0.3-Release-Notes.pdf
docu79790_OneFS-8.0.1-CLI-Administration-Guide.pdf
docu79792_OneFS-8.0.1-Security-Configuration-Guide.pdf
docu65071_OneFS-8.0.0-Isilon-Swift-Technical-Note.pdf
Adam Fox
Feb 3, 2017, 8:54:12 PM2/3/17
to isilon-u...@googlegroups.com
S/FTP works in the System Zone only.
-- Adam Fox
--
You received this message because you are subscribed to the Google Groups "Isilon Technical User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isilon-user-gr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Erik Weiman
Feb 3, 2017, 9:03:08 PM2/3/17
to isilon-u...@googlegroups.com
Adam is correct. It has always been this way.
FTP is provided by vsftpd which is not zone aware and will only function in the system zone. In fact attempting to ftp to the cluster to a non system zone will tell you this via the error message sent to the client. This is also true of ssh being system zone only.
Scot
Feb 3, 2017, 9:24:17 PM2/3/17
to isilon-u...@googlegroups.com
Ok thanks.
Micro ftp server NFS mounting Isilon it is.
On Fri, Feb 3, 2017 at 9:03 PM, Erik Weiman <erik.j...@gmail.com> wrote:
Adam is correct. It has always been this way.FTP is provided by vsftpd which is not zone aware and will only function in the system zone. In fact attempting to ftp to the cluster to a non system zone will tell you this via the error message sent to the client. This is also true of ssh being system zone only.
On Feb 3, 2017, at 7:54 PM, 'Adam Fox' via Isilon Technical User Group <isilon-user-group@googlegroups.com> wrote:
S/FTP works in the System Zone only.
-- Adam Fox
--Having a discussion with support and hopefully the group.Does anyone know if FTP service was restricted since some version of OneFS.Customer support portal does not return any definitive answers.Reviewed:docu65098_Isilon-OneFS-8.0.0.0---8.0.0.3-Release-Notes.pdfdocu79790_OneFS-8.0.1-CLI-Administration-Guide.pdfdocu79792_OneFS-8.0.1-Security-Configuration-Guide.pdfdocu65071_OneFS-8.0.0-Isilon-Swift-Technical-Note.pdf
You received this message because you are subscribed to the Google Groups "Isilon Technical User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isilon-user-group+unsubscribe@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Isilon Technical User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isilon-user-group+unsubscribe@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Isilon Technical User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isilon-user-group+unsubscribe@googlegroups.com.
John Beranek - PA
Feb 4, 2017, 5:43:35 AM2/4/17
to Isilon Technical User Group
You get much more control/logging/functionality that way anyway...
John
On Saturday, 4 February 2017 02:24:17 UTC, Scot Needy wrote:
Ok thanks.Micro ftp server NFS mounting Isilon it is.
On Fri, Feb 3, 2017 at 9:03 PM, Erik Weiman <erik.j...@gmail.com> wrote:
Adam is correct. It has always been this way.FTP is provided by vsftpd which is not zone aware and will only function in the system zone. In fact attempting to ftp to the cluster to a non system zone will tell you this via the error message sent to the client. This is also true of ssh being system zone only.
On Feb 3, 2017, at 7:54 PM, 'Adam Fox' via Isilon Technical User Group <isilon-u...@googlegroups.com> wrote:
S/FTP works in the System Zone only.
-- Adam Fox
--Having a discussion with support and hopefully the group.Does anyone know if FTP service was restricted since some version of OneFS.Customer support portal does not return any definitive answers.Reviewed:docu65098_Isilon-OneFS-8.0.0.0---8.0.0.3-Release-Notes.pdfdocu79790_OneFS-8.0.1-CLI-Administration-Guide.pdfdocu79792_OneFS-8.0.1-Security-Configuration-Guide.pdfdocu65071_OneFS-8.0.0-Isilon-Swift-Technical-Note.pdf
You received this message because you are subscribed to the Google Groups "Isilon Technical User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isilon-user-gr...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Isilon Technical User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isilon-user-gr...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Isilon Technical User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isilon-user-gr...@googlegroups.com.
julian firminger
Jun 7, 2017, 9:07:37 AM6/7/17
to Isilon Technical User Group
You can however, change the chroot on a user by user basis so you dont have to expose the whole of /ifs.
You can define the user config directory with "isi ftp user-config-dir=<dir>
And in that dir create conf files for each user, named as that user, with:
local_root=/ifs/<some>/<path>
chroot_local_user=yes
(note you CAN create these for domain users by "vi <DOMAIN>\\USER" which will create files with "\" delimiters in them. Just remember to double escape these when interacting with them)
The last part is to jail all local root path to an arbitrary dir (defined in isi ftp local-root-path=<path>)
Adam Fox
Jun 7, 2017, 5:00:23 PM6/7/17
to isilon-u...@googlegroups.com
Be aware that, while you can do this, because ftp is in the System zone, it will only authenticate users from the System zone providers. If you come in through the System zone and then a user tried to login with credentials that are not in the System zone, the login will fail. Also, you could run into file permissions conflicts if you dump a System zone user into a non-System zone path when that non-System zone authenticates to different providers than the System zone.
Bottom line, it will work in some cases but not others. I do agree that using external FTP servers that are NFS clients to the cluster is a cleaner solution.
Reply all
Reply to author
Forward
0 new messages