cancel
Showing results for 
Search instead for 
Did you mean: 

Controlling FTP access

nickmck
Champ in-the-making
Champ in-the-making
Hello,

We have recently updated a client's Alfresco server to version 3.2 and we are having some difficulties achieving a similar layout to the previous setup.

What we need is around 30 different users, who each have access to their own document library and have no access to eachother's (no viewing at all).

We have tried creating sites for each user, and the permissions work fine within Alfresco. The problem is, they need to use FTP to access the data and the permissions do not seem to follow across there. All users can see eachother's folders etc.

I read here that you can enter some lines into the file-servers.xml but the file doesn't seem to exist. All I have is file-servers-custom.xml.sample and file-servers.custom.xml.sample2. Neither of which mention FTP whatsoever.

Can anybody help here ?

Let me know if you need any more info,

Many thanks in advance,

Nick
8 REPLIES 8

nickmck
Champ in-the-making
Champ in-the-making
Hi,

thanks for the fast response.

Had a read of your link there, I don't quite follow where you're meant to put these lines in for configuration. As I mentioned in post, I don't have a file-servers-custom.xml nor file-servers-context.xml.

Should I have those files to begin with or not ?

I am looking in the C:\Alfresco\tomcat\shared\classes\alfresco\extension folder.

dward
Champ on-the-rise
Champ on-the-rise
You set the properties in alfresco-global.properties.

http://wiki.alfresco.com/wiki/Repository_Configuration#Global_Property_Overrides

file-servers.xml is not used in v3.2.

nickmck
Champ in-the-making
Champ in-the-making
Ah! exactly what I needed to know, thank you.

Unfortunately still can't quite manage what I'm trying to do… having difficulty sorting through the wiki, as some of the information is for previous versions.

What I'd like to do, is set the default access type to None. So that by default nobody can see anything.

Then manually give individual users write access to a site.

So that only one user and the admin account will have write access to each site, every other user will have None.

What exactly do I need to add to the file, is it something along the lines of :

filesystem.acl.global.defaultAccessLevel=None
filesystem.acl.<sitename>.userAccessControls=<username>,<admin>
filesystem.acl.<sitename>.userAccessControls.value.<username>.accessType=Write
filesystem.acl.<sitename>.userAccessControls.value.<admin>.accessType=Write

and then repeat the last 3 lines for each site (changing <sitename> and <username>) ?

thanks again for your help.

gronfelt
Champ in-the-making
Champ in-the-making
I don't think that you can set the properties for individual spaces like that, I think that you need to create a spring bean override as described in the wiki:

http://wiki.alfresco.com/wiki/File_Server_Subsystem#Advanced_Server_Configuration

You could copy the file /tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/fileServers/default/file-servers-context.xml and use that as a starting point. Then you could perhaps define a file system bean for each of the sites or spaces that you want to configure and set access control levels there. I haven't tried anything like that myself, so I really don't know if it would work, but that's where I'd start looking.

nickmck
Champ in-the-making
Champ in-the-making
Okay then. So am I being thick …. because I can't find a reference anywhere with how to write these commands. Its proving particularly awkward!

Also - where should I place "file-servers-context.xml"  ?

thanks Smiley Happy

gronfelt
Champ in-the-making
Champ in-the-making
First a disclaimer: I haven't tried any of this myself and my knowledge is limited, so I just might be threading on very thin ice here. Please feel free to correct me if any of this is wrong, but I hope that it might be a push in the right direction.

You could copy file-servers-context.xml to tomcat/shared/classes/alfresco/extension/subsystems/fileServers/default/default/custom-file-servers-context.xml.

The interesting part of the file should be the one that starts with:

<!– Alfresco repository access shared filesystem –>
            <bean class="org.alfresco.filesys.repo.ContentContext">
               <property name="deviceName">
                  <value>${filesystem.name}</value>
               </property>
               <property name="storeName">
                  <value>${spaces.store}</value>
               </property>
               <property name="rootPath">
                  <value>/${spaces.company_home.childname}</value>
               </property>

The class org.alfresco.filesys.repo.ContentContext defines a filesystem. You might be able to create another bean definition like that, but give it another deviceName.  The wiki describes how you could use a property named relativePath to adress a certain folder:

The optional relativePath property can be specified to set the root of the filesystem at a particular folder. The relative path can be specified using forward or back slashes, and may contain multiple levels.

http://wiki.alfresco.com/wiki/File_Server_Subsystem#Advanced_Server_Configuration

However, I'm not really sure of how the relative path should be specified. But if you look in the node browser you will see that a site path typically looks like this:

/{http://www.alfresco.org/model/application/1.0}company_home/{http://www.alfresco.org/model/site/1.0}s...

Access control is set further down in the definition:

<!– Additional access control of the filesystem –>
               <!– Access type of 'none' will stop the filesystem from showing up for that user/address/protocol –>
               <!–
                  <property name="accessControl"> <bean class="org.alfresco.filesys.config.acl.AccessControlListBean">
                  <property name="defaultAccessLevel"> <value>Write</value> </property> </bean> </property>
               –>

You would have to read in the wiki to see how you could customize the settings further on a user level, but that's where I would start looking.

Note: You see that some values are externalized, so that Alfresco will look for them in any properties file, like ${filesystem.name}. You could do it like that, but you might as well write the values directly in the bean definition.

nickmck
Champ in-the-making
Champ in-the-making
okay thats great. thanks a lot. will give it a shot!