I have two network shared devices called worldbook-work and worldbook-media, which I will refer to as work and media respectively. Work is used by my company as an information store, and users will need to read and write to it. Media has two separate shares on it, one for music and one for videos, which I keep so family can access them remotely. There is no need to write to media remotely, so the share account on the device only allows reading, as another layer of security. Finally, I need to support a dropbox for a photography group I am in. The photographers will drop their pictures off, and the administrator will log in, download the pictures, and put them on another website. The administrator will delete the files once retrieved. Photographers should not be able to see or modify another photographer's files. I am just using local server disk for this, since the files are transitory and the original photographer can send another copy if a problem arises.
Work users will need full access to work. Family will need read access to media. I will need full access to work and read access to media, and I have users who need to use the dropbox as described above. All of this has to work while most shares are over an SMB mount.
Here are the coming posts to show you what I did.
- Setting up Ubuntu Server with Static IP, network device aliases, and SSH support.
- Setting up Pure-FTP server with Passive NAT support, and proper security precautions
- Setting up a directory structure with permissions and virtual users with bandwidth control
- Setting up mounts with credential files for added security and binding to share mounts among many folders.
- Setting up TLS security to enable encrypted FTP, referred to as FTPS.
To do/desires:
- Force TLS for all users except dropbox users.
- Send an email after a file is sent to dropbox, but no other share.
- (Not possible without a separate server process from what I can tell.)
- Refine directory management and permissions. Perhaps have a virtual layer of permissions on top of existing directory permissions.
- (Not possible without a software change. Though it should be possible to code with dot files in folders.)
- Allow each virtual user to have a virtual private folder.
- (I have no clue or even a suggestion for this)