Share data through SFTP instead of SMB (and permissions)


burtaverde

Recommended Posts

Hello people that know more than me. Excuse me if this has already been posted, i did try to find it but no luck.

 

I noticed most people use SMB for all their media and data sharing purpose. Is there something wrong with using sftp instead?

 

If there's no issue with it, would it be possible to set share access permissions by user? Such as making a read only user or one access only certain shares?

Edited by burtaverde
Link to comment

It depends what your purpose is and how you plan to access the shares with sftp.  sftp is just a protocol, it's secure ftp.  Generally speaking you can't mount an sftp server as a share (mapped drive) on Windows (that's why SMB is used).  You can, but it's not "usable".  

 

 

Let's say you have a Word document and an Excel spreadsheet on the share, and you want to access them / use them / change them.

 

With SMB, you can directly open the files and manipulate them, and save them directly to the share.  No problem, right?

 

With SFTP if you "open" the file, you are actually downloading it from the server (because sftp is secure file transfer protocol) and the file will generally end up in your Windows Downloads location, because when you attempt to access the file it will ask you want you want to open the file with .. and if you select a web browser it will open your web browser, ask you for the ftp login details again, and then download the file to the default download location.

 

If you select another app to open the file with, it may end up in a temporary file location somewhere.

 

So now that the file is [somewhere] on your computer... you edit it, make changes to it, do whatever... and save it.  That file is saved on your computer.  You now have to add it to your Unraid array and overwrite the old file with the new copy.  If you forget to do that you will always have only the original file on your array, because with sftp you only downloaded a copy of it....

 

Do you understand?

 

So while what you're asking is technically possible, depending on your use case and what files you are accessing and everything like that, using sftp may end up being more of a problem for you.

  • Like 1
Link to comment

alright that makes sense. SMB is definitely better when working on stuff. 

 

Now for media streaming (already have plex, but sftp is more stable locally) or moving, Sftp seems to be a superior solution since you just need to open an app like winScp and copy/delete/move the files without having the user add it to their windows system.

Link to comment
26 minutes ago, burtaverde said:

Now for media streaming (already have plex, but sftp is more stable locally)

Most of us have our media on our Unraid server, and run a plex server docker on that same server. Then any plex client can stream that media without even having to know anything about the files on the Unraid server. Certainly see no reason to get sftp involved in this or even SMB.

Link to comment

for streaming plex is great (and that's what everybody other than me use when connecting to my server), although sftp is faster to start. For file transfers (like when somebody wants to put a movie or get some software from my server), i'd rather go sftp than smb since it doesn't require a difficult setup. Just open winscp, tell the user the ip, login info and they're done. But that's where security comes in, i'm hoping to be able to create unraid users with different permissions so they only have access to certain parts or can only read and no write.

Edited by burtaverde
Link to comment

If you are

3 hours ago, trurl said:

talking about letting people not on your LAN access the files on your server

then I highly recommend taking this advice.

1 hour ago, Energen said:

If you are dead set on some sort of ftp... then you might look at using proftpd.. it's not quite an easy set up though, it would take a fair amount of manual setup for the user access.  The built in user accounts for Unraid don't really offer a full set of security features for user permissions.

 

Unraid user accounts don't really provide access control for anything but SMB, NFS protocols. An FTP plugin or docker will have its own ways to configure and control user access.

  • Like 1
Link to comment
2 hours ago, trurl said:

No need to add anything to windows to use SMB to access network shares and copy/delete/move files on the LAN. And Unraid User Shares provide ways to control access for specific users.

i did notice that it's pretty easy to setup permissions there. Although for some reason it seems to not like me lately and doesn't want to be seen by any device in my lan. I'm not against smb, but i'm so used to SFTP for this kind of use that i'd like to keep going.

Edited by burtaverde
extra details
Link to comment
2 hours ago, trurl said:

Unraid user accounts don't really provide access control for anything but SMB, NFS protocols. An FTP plugin or docker will have its own ways to configure and control user access.

Is the SMB access control new? Seems like adding it to ftp/sftp would be very similar. I guess in the end i would need a plugin/docker other than the basic ssh one to be able to achieve my goal. Now to find the right one.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.