Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
+1 vote
1.2k views
in CompleteFTP by
Hi,

I'm currently looking into making the process of creating accounts a little easier & have briefly looked into scripting, but am a bit confused about how we can transfer variables from powershell into the enterprise editions command line via SSH.

All of the accounts we create have two users with their three letter abbreviation followed by either .more2 for internal use or .user for external use. I would like to set it up so that the only characters a user has to enter while running the script is the three letter abbreviation & the script will create the rest.

Do you have any ideas on how to achieve this?

1 Answer

0 votes
by (161k points)

Powershell now includes an SSH client, so you can ssh to the Admin site as described here and run commands such as useradd

by (100 points)
Hi,

I have tested with that & unfortunately it doesn't seem to support authentication through a secure string, so currently I cannot seem to authenticate securely in an automated manner with SSH in Powershell. I have tried key auth, but that also requires a plaintext password & doesn't seem to accept a secure string either.

Have you seen any other solutions to this?

Cheers,
Johnny
by (161k points)
Get Powershell to run putty (plink). With the -m option you can pass a script in.
by (100 points)
So I have figured out how to securely insert credentials into SSH (Powershell SSH, currently does not support this as I cannot seem to marshal into that ssh process) but plink does work & after marshalling the secure string I can now automate logon completely securely.

The only problem I have now is that I can see no functionality in the unix-like command list to administrate groups for some reason? Is this an incomplete task list, or was for some reason this left out?

Thanks,
Johnny
by (161k points)
The command-line admin commands are fairly limited, but we are gradually adding to them. If you can tell us which ones are required, we can try to add some to the next release.

I'm guessing groupadd to add a new group, and an option to usermod to add a user to a group?
by (51.1k points)
You can actually add your own command if you have Enterprise Edition.  To do that, please do the following:

1. Open the Extensions panel.

2. Click Add extension -> Javascript (JSS) extension -> Custom Commands

3. Enter 'AdminAPI' into the Name field.

4. Enter the following JSS code:

function groupadd(userName, groupName) {
    var config = system.getConfig();
    var user = config.users.get(userName);
    var group = config.groups.get(groupName);
    group.members.add(user);
    config.applyChanges();
}

5. Select the Permissions tab

6. Click Add user permission and select AdminAPI and your user

7. Click Apply changes


You should now be able to add users to groups in SSH using the command:

groupadd myuser mygroup
by (100 points)
Another question, just looking at the folder permissions section of the script & I have noticed that it references the virtual file system - currently all of of client folders are setup within a Windows file system, as our automation to deliver files depends on this. Is there a way to easily find out what the virtual path of a folder is within the windows file system & is that aliased directly from the virtual file system to the windows? IE, does a change on a virtual folder to add read permissions also then apply to the windows folder?

If that is not the case, is windows folder admin possbile with current scripting?

Thanks again!
Johnny
by (100 points)
Thats great, thanks for that! Is there a way to give folder permissions also through the JSS extension?
by (51.1k points)
Yes you can do most administration tasks through the JSS Config API, which is documented at

https://enterprisedt.com/products/completeftp/doc/guide/jssapi/Config.html

For example, to give the group, mygroup, read permission to the folder, /myfolder, you'd do:

var config = system.getConfig();
var folder = config.folders.get("/myfolder");
folder.access.group.groupName = "mygroup";
folder.access.group.permissions = [ "FileRead" ];
config.applyChanges();
by (51.1k points)
Folder objects have a mappingPath property that give you the Windows path.  JSS has no native way to set Windows permissions, but you can use .NET classes from JSS scripts, so you should be able to use System.IO.Directory.SetAccessControl  to modify permissions.  Just make sure you fully qualify the class names.
by (100 points)
OK, so this is what I have so far:

//Add Group Folder Perms

function groupfolderperm(groupName ) {
    var config = system.getConfig();
    var group = config.groups.get(groupName);
    var folder = config.folders.get("D:\\FTPData\\Users\\%HomeBaseFolder%");
    folder.access.group.groupName = "mygroup";
    folder.access.group.permissions = [ "FileRead,FileWrite,FileAppend,FileRename,FileDelete,FileExecute,DirList" ];
    config.applyChanges();
}

Unfortunately it cannot resolve %HomeBaseFolder%:

groupfolderperm TESTGROUP
error: command 'groupfolderperm TESTGROUP' failed: Invalid argument: Path must be absolute: D:\FTPData\Users\%HomeBaseFolder%

Any idea how I can add the name of the folder as a variable as this location depends on the user&group that  the script is running on behalf of?

I have also written the following to add the owner & permissions for the two accounts that need access to these folders:

//Add more2 as owner & set permissions

function folderowner(userName) {
    var user = config.users.get(userName);
    var folder = config.folders.get("D:\FTPData\Users\%HomeBaseFolder%\FromMore2");
    folder.access.owner.user.permissions = [ "FileRead,FileWrite,FileAppend,FileRename,FileDelete,FileExecute,DirList" ];
    config.applyChanges();
}
//Add client user permissions

function folderclient(userName) {
    var user = config.users.get(userName);
    var folder = config.folders.get("D:\FTPData\Users\%HomeBaseFolder%\FromMore2");
    folder.access.user.permissions = [ "FileRead,FileWrite,FileAppend,FileRename,FileDelete,FileExecute,DirList" ];
    config.applyChanges();
}

But from what I can tell, these won't work due to the same issue?

Thanks again for your help so far,
Johnny
by (51.1k points)
You need to use the path in the virtual file system in your config.folders.get statements, e.g. "/Home/MyUser/Subdir".
by (100 points)
OK, so I have:

function groupfolderperm(groupName) {
    var config = system.getConfig();
    var group = config.groups.get(groupName);
    var fullpath = "\home\" + group;
    var folder = config.folders.get(fullpath);
    folder.access.group.groupName = groupName;
    folder.access.group.permissions = [ "FileRead,FileWrite,FileAppend,FileRename,FileDelete,FileExecute,DirList" ];
    config.applyChanges();
}

The problem I'm having now is that the SSH session is telling me that the command could not be found:

groupfolderperm "testgroup"
error: could not find command 'groupfolderperm "testgroup"'
by (51.1k points)
Please check the log file for compile errors.  The log file is at:
C:\ProgramData\Enterprise Distributed Technologies\CompleteFTP\Logs\Diagnostics.log

Your script yielded the following error:

  JSS compile error: no viable alternative at input 'var' (line 6, column 5)

This error is happening because you should be using forward slashes instead of backslashes.

Another couple of points:
1. there's no need to get the Group object, using config.groups.get, as you're really just using the name
2. the permissions need to be set to an array of strings with one permission per string.
3. you don't need to put quotes around the group name when you invoke the command
4. it's a good idea to check if the folder was found, so I've added code to do that

Please try the following script.

function groupfolderperm(groupName) {
    var config = system.getConfig();
    var fullpath = "/home/" + groupName;
    var folder = config.folders.get(fullpath);
    if (!folder)
        throw "Could not find folder, " + fullpath;
    folder.access.group.groupName = groupName;
    folder.access.group.permissions = [ "FileRead", "FileWrite", "FileAppend", "FileRename", "FileDelete", "FileExecute", "DirList" ];
    config.applyChanges();
}

I've tested it and it works for me.
by (100 points)
Thanks so much, I'm definitely not in anyway a developer so you're really helping me understand what seems to be some basic JSS concepts here haha!

That seems to be working, but the virtual file path can not be found:

  command 'groupperm TESTGROUP' failed: Could not find folder,  /home/TESTGROUP

This exists in the windows file system as:

D:\FTPData\Users\TESTFOLDER

Is this because of our filestructure within completeFTP?

Currently, we don't have our windows file system within a virtual folder, it is in the root within completeFTP & is called home - do we need to put this within a virtual folder & do you know if that'll break any current functionality?

Thanks,
Johnny
by (51.1k points)
Yes, that script operates only on the permissions within the virtual file-system. It doesn't change Windows permissions.
by (100 points)
Hi,

Can we leave the current file structure alone (we don't want to break this, as it is a production server) & just create a new virtual folder & then add the current windows folder into that? So we have a windows folder with all of the clients folder & a virtual folder with the windows folder & all of the clients?

Thanks,
Johnny
by (51.1k points)
Just to make sure I'm understanding you correctly:

Your Windows file structure is like this:

C:\A\B
C:\A\B\C

Currently you have only B mapped into the CompleteFTP Virtual File-System (VFS), so it just look like this:

/B

But you want to use CompleteFTP permissions to control access to C:\A\B\C, so you therefore want to add C to the VFS, so that it becomes:

/B
/B/C

thus allowing you to set the permissions of C in the VFS.

If that's what you mean then yes, you can do that. Just keep in mind that, by default, the permissions of Windows users in CompleteFTP are NOT controlled by CompleteFTP, so if you want to control permissions of Windows users from CompleteFTP then you need to set the Access Control property of your Windows users to Non-Windows.

Categories

...